CVE-2015-4852

About vulnerability

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Affected product:

Apache Commons , Apache Hadoop , Apache Hive , Apache Spark , Apache Struts , Apache Velocity , Spring , acegi-security , avalon , avro , bookkeeper-common-allocator , cocoon , creadur-rat , cxf , directory-ldap-api , dropwizard-metrics-hadoop-metrics2-reporter , druid , elasticsearch , groovy , hbase , htmlunit , jackrabbit , java-opensaml , logging-flume , logging-log4j2 , myfaces , ws-wss4j

Affected packages:

spark-streaming_2.11 @ 2.4.8 (+932 more)

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.