Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Oracle WebLogic Server: CVE-2015-4852 patched - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Oracle WebLogic Server: CVE-2015-4852 patched

Lost in the hoopla around Microsoft and Adobe patch Tuesday was a critical patch released by Oracle which addressed CVE-2015-4852. CVE-2105-4852 is a critical vulnerability in Apache Commons which affects Oracle WebLogic Server.  This vulnerability permits remote exploitation without authentication and should be patched as soon as practical. 

More information can be found at the Oracle Blog.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Rick

290 Posts
ISC Handler
I think initial posting has been
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

Mass scanner for the Java serialize bug
https://github.com/johndekroon/serializekiller
Anonymous

Sign Up for Free or Log In to start participating in the conversation!