Executive Summary

Informations
Name CVE-2015-4852 First vendor Publication 2015-11-18
Vendor Cve Last vendor Modification 2023-12-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 9.8
Base Score 9.8 Environmental Score 9.8
impact SubScore 5.9 Temporal Score 9.8
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-502 Deserialization of Untrusted Data

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 4

SAINT Exploits

Description Link
Oracle WebLogic Apache Commons library deserialization vulnerability More info here

Snort® IPS/IDS

Date Description
2016-03-29 Java Library CommonsCollection unauthorized serialized object attempt
RuleID : 37860 - Revision : 5 - Type : SERVER-WEBAPP
2016-03-29 Java Library CommonsCollection unauthorized serialized object attempt
RuleID : 37859 - Revision : 6 - Type : SERVER-WEBAPP
2016-03-14 Java Library CommonsCollection unauthorized serialized object attempt
RuleID : 36826 - Revision : 11 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2017-07-21 Name : An application running on the remote web server is affected by multiple vulne...
File : oracle_primavera_gateway_cpu_jul_2017.nasl - Type : ACT_GATHER_INFO
2017-05-02 Name : A web application running on the remote host is affected by a remote code exe...
File : cisco_security_java_deser.nasl - Type : ACT_ATTACK
2017-05-02 Name : A network management system running on the remote host is affected by a remot...
File : cisco_prime_lms_java_deser.nasl - Type : ACT_ATTACK
2017-01-25 Name : A web application running on the remote host is affected by multiple vulnerab...
File : mysql_enterprise_monitor_3_2_2_1075.nasl - Type : ACT_GATHER_INFO
2017-01-25 Name : A web application running on the remote host is affected by a remote code exe...
File : mysql_enterprise_monitor_3_1_6_7959.nasl - Type : ACT_GATHER_INFO
2017-01-25 Name : A web application running on the remote host is affected by multiple vulnerab...
File : mysql_enterprise_monitor_3_1_5_7958.nasl - Type : ACT_GATHER_INFO
2016-11-17 Name : A web management application running on the remote host is affected by multip...
File : hp_nnmi_console_10_10.nasl - Type : ACT_GATHER_INFO
2016-10-26 Name : An application server installed on the remote host is affected by multiple vu...
File : oracle_weblogic_server_cpu_oct_2016.nasl - Type : ACT_GATHER_INFO
2016-10-10 Name : The remote device is affected by a remote code execution vulnerability.
File : cisco_cucm_CSCux34835.nasl - Type : ACT_GATHER_INFO
2016-08-24 Name : A web application hosted on the remote web server is affected by a remote cod...
File : hp_intelligent_management_center_7_2.nasl - Type : ACT_GATHER_INFO
2016-07-25 Name : The remote web server is affected by a remote code execution vulnerability.
File : hp_ucmdb_server_cve-2016-4368.nasl - Type : ACT_ATTACK
2016-07-20 Name : The Nexus Repository Manager server running on the remote host is affected by...
File : sonatype_nexus_deserialization.nasl - Type : ACT_GATHER_INFO
2016-07-13 Name : The remote SolarWinds Virtualization Manager server is affected by a remote c...
File : solarwinds_virtualization_manager_rmi_deserialization.nasl - Type : ACT_ATTACK
2016-05-12 Name : A web-based application running on the remote Windows host is affected by mul...
File : coldfusion_win_apsb16-16.nasl - Type : ACT_GATHER_INFO
2016-05-03 Name : The remote host has a web application installed that is affected by a remote ...
File : oracle_oats_cpu_apr_2016.nasl - Type : ACT_GATHER_INFO
2016-04-26 Name : The NetIQ Sentinel server installed on the remote host is affected by multipl...
File : netiq_sentinel_7_4_1_0.nasl - Type : ACT_GATHER_INFO
2016-04-20 Name : The remote NetIQ Sentinel server is affected by a remote code execution vulne...
File : netiq_sentinel_rmi_deserialization.nasl - Type : ACT_ATTACK
2016-03-23 Name : The remote host is affected by a remote code execution vulnerability.
File : hp_operations_orchestration_hpsbgn03560.nasl - Type : ACT_GATHER_INFO
2016-03-14 Name : The remote web server hosts a job scheduling and management system that is af...
File : jenkins_1_650.nasl - Type : ACT_GATHER_INFO
2016-02-29 Name : The remote web server is affected by a remote code execution vulnerability.
File : jenkins_security247.nasl - Type : ACT_ATTACK
2016-02-17 Name : The remote Lexmark Markvision Enterprise server is affected by a remote code ...
File : lexmark_markvision_enterprise_2016_1487.nasl - Type : ACT_ATTACK
2016-02-08 Name : A security management application installed on the remote Windows host is aff...
File : mcafee_epo_sb10144.nasl - Type : ACT_GATHER_INFO
2016-02-03 Name : The remote host is affected by a remote code execution vulnerability.
File : hp_operations_manager_for_win_CVE-2016-1985_local.nasl - Type : ACT_GATHER_INFO
2016-01-06 Name : The remote host has a virtualization application installed that is affected b...
File : vmware_orchestrator_vmsa_2015_0009.nasl - Type : ACT_GATHER_INFO
2016-01-06 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_orchestrator_appliance_vmsa_2015_0009.nasl - Type : ACT_GATHER_INFO
2015-12-18 Name : An application running on the remote host is affected by an arbitrary command...
File : symantec_endpoint_prot_mgr_2015_6554.nasl - Type : ACT_ATTACK
2015-12-17 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL30518307.nasl - Type : ACT_GATHER_INFO
2015-12-16 Name : The remote host is running a web application that is affected by a remote cod...
File : activemq_5_13_0.nasl - Type : ACT_GATHER_INFO
2015-12-10 Name : The remote OpenNMS server is affected by a remote code execution vulnerability.
File : opennms_java_serialize.nasl - Type : ACT_ATTACK
2015-12-10 Name : The remote JBoss server is affected by multiple remote code execution vulnera...
File : jboss_java_serialize.nasl - Type : ACT_ATTACK
2015-12-02 Name : The remote WebSphere Application Server is affected by a remote code executio...
File : websphere_java_serialize.nasl - Type : ACT_ATTACK
2015-11-23 Name : The remote Oracle WebLogic server is affected by a remote code execution vuln...
File : weblogic_2015_4852.nasl - Type : ACT_ATTACK
2015-11-17 Name : The remote web server is affected by a remote code execution vulnerability.
File : jenkins_security218.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/77539
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333...
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852
EXPLOIT-DB https://www.exploit-db.com/exploits/42806/
https://www.exploit-db.com/exploits/46628/
MISC http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenki...
http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserializ...
https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
MLIST http://www.openwall.com/lists/oss-security/2015/11/17/19
SECTRACK http://www.securitytracker.com/id/1038292

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Date Informations
2023-12-21 21:28:39
  • Multiple Updates
2021-05-05 01:18:11
  • Multiple Updates
2021-05-04 12:40:33
  • Multiple Updates
2021-04-22 01:49:28
  • Multiple Updates
2020-05-23 13:17:07
  • Multiple Updates
2020-05-23 01:56:07
  • Multiple Updates
2020-05-23 00:45:45
  • Multiple Updates
2019-03-29 00:19:06
  • Multiple Updates
2019-03-28 05:19:02
  • Multiple Updates
2018-10-31 00:20:49
  • Multiple Updates
2018-01-18 21:22:33
  • Multiple Updates
2018-01-11 12:06:33
  • Multiple Updates
2017-11-18 09:22:06
  • Multiple Updates
2017-09-30 09:23:37
  • Multiple Updates
2017-07-11 12:04:19
  • Multiple Updates
2017-04-25 09:23:19
  • Multiple Updates
2016-11-29 00:25:17
  • Multiple Updates
2016-11-02 00:29:40
  • Multiple Updates
2016-10-26 09:22:46
  • Multiple Updates
2016-03-31 05:24:31
  • Multiple Updates
2016-01-22 09:22:27
  • Multiple Updates
2015-12-18 13:27:38
  • Multiple Updates
2015-11-24 21:26:41
  • Multiple Updates
2015-11-24 13:26:45
  • Multiple Updates
2015-11-19 21:24:57
  • Multiple Updates
2015-11-18 21:24:32
  • First insertion