mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
4.2 KiB
4.2 KiB
CVE-2015-4852
Description
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
POC
Reference
- http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
- http://packetstormsecurity.com/files/152268/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- https://www.exploit-db.com/exploits/42806/
- https://www.exploit-db.com/exploits/46628/
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/AndersonSingh/serialization-vulnerability-scanner
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Drun1baby/JavaSecurityLearning
- https://github.com/GhostTroops/TOP
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/Hpd0ger/weblogic_hpcmd
- https://github.com/JERRY123S/all-poc
- https://github.com/KimJun1010/WeblogicTool
- https://github.com/Komthie/Deserialization-Insecure
- https://github.com/MrTcsy/Exploit
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/ReAbout/audit-java
- https://github.com/Snakinya/Weblogic_Attack
- https://github.com/Weik1/Artillery
- https://github.com/Y4tacker/JavaSec
- https://github.com/ZTK-009/RedTeamer
- https://github.com/angeloqmartin/Vulnerability-Assessment
- https://github.com/apachecn-archive/Middleware-Vulnerability-detection
- https://github.com/asa1997/topgear_test
- https://github.com/awsassets/weblogic_exploit
- https://github.com/cross2to/betaseclab_tools
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/followboy1999/weblogic-deserialization
- https://github.com/hanc00l/weblogic_unserialize_exploit
- https://github.com/hashtagcyber/Exp
- https://github.com/hktalent/TOP
- https://github.com/jbmihoub/all-poc
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/koutto/jok3r-pocs
- https://github.com/langu-xyz/JavaVulnMap
- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/nex1less/CVE-2015-4852
- https://github.com/nihaohello/N-MiddlewareScan
- https://github.com/oneplus-x/jok3r
- https://github.com/onewinner/VulToolsKit
- https://github.com/password520/RedTeamer
- https://github.com/psadmin-io/weblogic-patching-scripts
- https://github.com/qiqiApink/apkRepair
- https://github.com/rabbitmask/WeblogicScan
- https://github.com/roo7break/serialator
- https://github.com/rosewachera-rw/vulnassessment
- https://github.com/safe6Sec/WeblogicVuln
- https://github.com/sourcery-ai-bot/Deep-Security-Reports
- https://github.com/superfish9/pt
- https://github.com/tdtc7/qps
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/zema1/oracle-vuln-crawler
- https://github.com/zhzhdoai/Weblogic_Vuln
- https://github.com/zzwlpx/weblogic