CVE-2015-4852

Summary

CVE	CVE-2015-4852
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-11-18 15:59:00 UTC
Updated	2023-12-21 01:31:00 UTC
Description	The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Risk And Classification

EPSS: 0.928380000 probability, percentile 0.997630000 (date 2026-04-02)

CISA KEV: Listed on 2021-11-03; due 2022-05-03; ransomware use Unknown

Problem Types: CWE-502

CISA Known Exploited Vulnerability

Vendor	Oracle
Product	WebLogic Server
Name	Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2015-4852

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Oracle	Storagetek Tape Analytics Sw Tool	2.3	All	All	All
Application	Oracle	Virtual Desktop Infrastructure	All	All	All	All
Application	Oracle	Weblogic Server	10.3.6.0.0	All	All	All
Application	Oracle	Weblogic Server	12.1.2.0.0	All	All	All
Application	Oracle	Weblogic Server	12.1.3.0.0	All	All	All
Application	Oracle	Weblogic Server	12.2.1.0.0	All	All	All
Application	Oracle	Weblogic Server	10.3.6.0.0	All	All	All
Application	Oracle	Weblogic Server	12.1.2.0.0	All	All	All
Application	Oracle	Weblogic Server	12.1.3.0.0	All	All	All
Application	Oracle	Weblogic Server	12.2.1.0.0	All	All	All

References

Reference	Source	Link	Tags
JavaUnserializeExploits/weblogic.py at master · foxglovesec/JavaUnserializeExploits · GitHub	MISC	github.com	Exploit
Oracle Critical Patch Update - January 2018	CONFIRM	www.oracle.com
Oracle Critical Patch Update - April 2017	CONFIRM	www.oracle.com
Oracle Critical Patch Update - October 2016	CONFIRM	www.oracle.com	Vendor Advisory
Oracle WebLogic Server CVE-2015-4852 Remote Code Execution Vulnerability	BID	www.securityfocus.com
Oracle Weblogic Server Deserialization Remote Code Execution ≈ Packet Storm	MISC	packetstormsecurity.com
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit) - Multiple remote Exploit	EXPLOIT-DB	www.exploit-db.com
Security Alert CVE-2015-4852 Released (The Oracle Software Security Assurance Blog)	CONFIRM	blogs.oracle.com	Vendor Advisory
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution	EXPLOIT-DB	www.exploit-db.com
oss-security - Re: Assign CVE for common-collections remote code execution on deserialisation flaw	MLIST	www.openwall.com	Third Party Advisory
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability. \|	MISC	foxglovesecurity.com	Exploit, Technical Description
Oracle Security Alert CVE-2015-4852	CONFIRM	www.oracle.com	Vendor Advisory
Oracle Critical Patch Update - October 2017	CONFIRM	www.oracle.com
Solaris Flaws Let Remote and Local Users Obtain Elevated Privileges and Deny Service and Let Local Users Access and Modify Data - SecurityTracker	SECTRACK	www.securitytracker.com
Oracle Critical Patch Update - January 2016	CONFIRM	www.oracle.com	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.