CVE DATABASE  /  CVE-2015-4852

CVE-2015-4852

Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability

Summary

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

CVSS 3.1 breakdown

Weakness type (CWE)

• CWE-502

Affected products

References

• http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
• http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html
• http://www.openwall.com/lists/oss-security/2015/11/17/19
• http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.securityfocus.com/bid/77539
• http://www.securitytracker.com/id/1038292
• https://blogs.oracle.com/security/entry/security_alert_cve_2015_4852
• https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
• https://www.exploit-db.com/exploits/42806/
• https://www.exploit-db.com/exploits/46628/

Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.