CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-4852

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score93.7870%
EPSS Percentile95.58th
Published2015年11月18日
Last Modified2026年4月21日

Vulnerability Description

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Affected Platforms (CPE)

📦
Oracle

Virtual Desktop Infrastructure

<= 3.5.2
📦
Oracle

Storagetek Tape Analytics Sw Tool

= 2.3
📦
Oracle

Weblogic Server

= 10.3.6.0.0
📦
Oracle

Weblogic Server

= 12.1.2.0.0
📦
Oracle

Weblogic Server

= 12.1.3.0.0
📦
Oracle

Weblogic Server

= 12.2.1.0.0

References & Advisories

🔗 http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
🔗 http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html
🔗 http://www.openwall.com/lists/oss-security/2015/11/17/19
🔗 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
🔗 http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html

相關漏洞威脅

CVE-2009-39237.5

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which...

CVE-2011-35713.6

Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authent...

CVE-2009-28563.5

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to es...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...