CVE-2015-4852
Published: Nov 18, 2015
Modified: Oct 21, 2025
PUBLISHED
Description
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | x_refsource_CONFIRM |
| https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852 | x_refsource_CONFIRM |
| 1038292 | vdb-entry, x_refsource_SECTRACK |
| 77539 | vdb-entry, x_refsource_BID |
| [oss-security] 20151117 Re: Assign CVE for common-collections remote code execution on deserialisation flaw | mailing-list, x_refsource_MLIST |
| 42806 | exploit, x_refsource_EXPLOIT-DB |
| 46628 | exploit, x_refsource_EXPLOIT-DB |