Oracle WebLogic Server Java Object Deserialization RCE (Local Check)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an unspecified vulnerability.

Description :

The remote Oracle WebLogic server is affected by a remote code
execution vulnerability in the WLS Security component. The component
deserializes Java objects supplied by unauthenticated clients and
hands them to the Apache Commons Collections (ACC) library without
validation. An unauthenticated, remote attacker can exploit this to
execute arbitrary code on the target host.
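The defensive counterpart to the issue described above, as an added example that is not Tenable's, Oracle's or WebLogic's code: a Java 9+ deserialization allow-list built on `java.io.ObjectInputFilter` (JEP 290). The filter is consulted for every class descriptor in an incoming stream, so an unexpected class, including anything from the Apache Commons Collections packages, is rejected before it is ever instantiated. The `Greeting` and `Unexpected` classes and the contents of the allow-list are hypothetical placeholders standing in for an application's real wire types.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added example: allow-list deserialization filter. Requires Java 9 or later. */
public class AllowListDeserializer {

    // Hypothetical application type that the server legitimately expects on the wire.
    public static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    // Hypothetical type no endpoint should accept; stands in for any class outside the allow-list.
    public static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Only these classes (plus primitives and arrays of them) may appear in an incoming stream.
    private static final Set<String> ALLOWED = Set.of(
        Greeting.class.getName(),
        "java.lang.String", "java.lang.Integer", "java.lang.Number",
        "java.util.HashMap", "java.util.ArrayList");

    private static final long MAX_DEPTH = 10;       // object graph nesting limit
    private static final long MAX_BYTES = 64 * 1024; // stream size limit

    /** Builds the filter: resource limits first, then an explicit ACC deny, then the allow-list. */
    public static ObjectInputFilter filter() {
        return info -> {
            // Reject oversized or deeply nested graphs regardless of the classes involved.
            if (info.depth() > MAX_DEPTH || info.streamBytes() > MAX_BYTES) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> c = info.serialClass();
            if (c == null) {
                // Resource-only callback (no class to judge); the limits above already ran.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            while (c.isArray()) c = c.getComponentType();
            if (c.isPrimitive()) return ObjectInputFilter.Status.ALLOWED;
            String name = c.getName();
            // Defense in depth: never accept Apache Commons Collections classes, even if the allow-list grows.
            if (name.startsWith("org.apache.commons.collections")) {
                return ObjectInputFilter.Status.REJECTED;
            }
            return ALLOWED.contains(name) ? ObjectInputFilter.Status.ALLOWED
                                          : ObjectInputFilter.Status.REJECTED;
        };
    }

    /** Serializes an object graph to bytes (stands in for data arriving from a client). */
    public static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Deserializes with the filter installed; a rejected class raises InvalidClassException. */
    public static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(filter()); // must be set before the first readObject()
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a map of allow-listed types is accepted.
        Map<String, Object> ok = new HashMap<>();
        ok.put("greeting", new Greeting("hello"));
        Map<?, ?> back = (Map<?, ?>) deserialize(serialize(ok));
        System.out.println("allowed: " + ((Greeting) back.get("greeting")).text);

        // Constructed sample input: a class outside the allow-list is rejected before instantiation.
        try {
            deserialize(serialize(new Unexpected()));
            System.out.println("BUG: Unexpected was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same policy can be applied JVM-wide, without touching application code, through the `jdk.serialFilter` system property (a pattern such as `!org.apache.commons.collections.**;java.util.HashMap;!*`), which is the practical route for a server whose own deserialization code you cannot edit. A filter of this kind limits exposure of unpatched endpoints; the fix for the issue on this page is the interim patch named under Solution.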

See also :

http://www.nessus.org/u?e643827d
http://www.nessus.org/u?e0204f30

Solution :

Apply interim patch 22248372.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Misc.

Nessus Plugin ID: 87209

Bugtraq ID: 77539

CVE ID: CVE-2015-4852
