Back to KEVs

CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary...

Basic Information

CVE State
PUBLISHED
Reserved Date
June 24, 2015
Published Date
November 18, 2015
Last Updated
February 04, 2025
Vendor
Oracle
Product
WebLogic Server
Description
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
Tags
apache cisa metasploit_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2020-11-16 05:30:04 UTC) Source

References

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852 http://www.securitytracker.com/id/1038292 http://www.securityfocus.com/bid/77539 http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html http://www.openwall.com/lists/oss-security/2015/11/17/19 https://www.exploit-db.com/exploits/42806/ http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html https://www.exploit-db.com/exploits/46628/

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/weblogic_deserialize_rawobject.rb 2025-04-29 11:01:25 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

weblogic_deserialize_rawobject

Type: metasploit • Created: Unknown

Metasploit module for CVE-2015-4852

nex1less/CVE-2015-4852

Type: github • Created: 2020-11-16 05:30:04 UTC • Stars: 1

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • Detected by Metasploit