Oracle WebLogic Server: CVE-2015-4852 patched

Published: 2015-11-12
Last Updated: 2015-11-12 15:49:15 UTC
by Rick Wanner (Version: 1)
1 comment(s)

Lost in the hoopla around Microsoft and Adobe patch Tuesday was a critical patch released by Oracle which addressed CVE-2015-4852. CVE-2105-4852 is a critical vulnerability in Apache Commons which affects Oracle WebLogic Server.  This vulnerability permits remote exploitation without authentication and should be patched as soon as practical. 

More information can be found at the Oracle Blog.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords:
1 comment(s)

Comments

I think initial posting has been
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

Mass scanner for the Java serialize bug
https://github.com/johndekroon/serializekiller

Diary Archives