CVE-2015-4852

Currently unrated

Key Information:

Vendor
Oracle
Status
Virtual Desktop Infrastructure
Vendor
CVE Published:
18 November 2015

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 96%πŸ¦… CISA Reported

Summary

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

serialator
Created by roo7break

serialization-vulnerability-scanner
Created by AndersonSingh

CVE-2015-4852
Created by nex1less

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2...
x_refsource_CONFIRM

EPSS Score

96% chance of being exploited in the next 30 days.

Timeline

  • πŸ¦…

    CISA Reported

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.