The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Virtual_desktop_infrastructure | Oracle | * | 3.5.2 (including) |
Libcommons-collections3-java | Ubuntu | esm-infra-legacy/trusty | * |
Libcommons-collections3-java | Ubuntu | precise | * |
Libcommons-collections3-java | Ubuntu | trusty | * |
Libcommons-collections3-java | Ubuntu | trusty/esm | * |
Libcommons-collections3-java | Ubuntu | upstream | * |
Libcommons-collections3-java | Ubuntu | vivid | * |
Libcommons-collections3-java | Ubuntu | wily | * |
Libcommons-collections4-java | Ubuntu | trusty | * |
Libcommons-collections4-java | Ubuntu | upstream | * |
Libcommons-collections4-java | Ubuntu | vivid | * |
Libcommons-collections4-java | Ubuntu | wily | * |
Libxalan2-java | Ubuntu | artful | * |
Libxalan2-java | Ubuntu | precise | * |
Libxalan2-java | Ubuntu | vivid | * |
Libxalan2-java | Ubuntu | wily | * |
Libxalan2-java | Ubuntu | yakkety | * |
Libxalan2-java | Ubuntu | zesty | * |
Openjdk-6 | Ubuntu | precise | * |
Openjdk-6 | Ubuntu | trusty | * |
Openjdk-6 | Ubuntu | vivid | * |
Openjdk-6 | Ubuntu | wily | * |
Openjdk-7 | Ubuntu | precise | * |
Openjdk-7 | Ubuntu | trusty | * |
Openjdk-7 | Ubuntu | vivid | * |
Openjdk-7 | Ubuntu | wily | * |
Openjdk-8 | Ubuntu | artful | * |
Openjdk-8 | Ubuntu | bionic | * |
Openjdk-8 | Ubuntu | cosmic | * |
Openjdk-8 | Ubuntu | devel | * |
Openjdk-8 | Ubuntu | disco | * |
Openjdk-8 | Ubuntu | eoan | * |
Openjdk-8 | Ubuntu | esm-apps/bionic | * |
Openjdk-8 | Ubuntu | esm-apps/focal | * |
Openjdk-8 | Ubuntu | esm-apps/jammy | * |
Openjdk-8 | Ubuntu | esm-apps/noble | * |
Openjdk-8 | Ubuntu | esm-infra/xenial | * |
Openjdk-8 | Ubuntu | focal | * |
Openjdk-8 | Ubuntu | groovy | * |
Openjdk-8 | Ubuntu | hirsute | * |
Openjdk-8 | Ubuntu | impish | * |
Openjdk-8 | Ubuntu | jammy | * |
Openjdk-8 | Ubuntu | kinetic | * |
Openjdk-8 | Ubuntu | lunar | * |
Openjdk-8 | Ubuntu | mantic | * |
Openjdk-8 | Ubuntu | noble | * |
Openjdk-8 | Ubuntu | oracular | * |
Openjdk-8 | Ubuntu | vivid | * |
Openjdk-8 | Ubuntu | wily | * |
Openjdk-8 | Ubuntu | xenial | * |
Openjdk-8 | Ubuntu | yakkety | * |
Openjdk-8 | Ubuntu | zesty | * |