Lucene search
Jacob Baines - Tenable Network SecurityZDI-16-572HistoryNov 01, 2016 - 12:00 a.m.
Oracle WebLogic Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability
2016-11-0100:00:00
Jacob Baines - Tenable Network Security
www.zerodayinitiative.com
91
0.102 Low
EPSS
Percentile
95.0%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the use of Apache Commons DiskFileItem. It is possible to execute arbitrary commands upon deserialization of untrusted data. The attacker can leverage this vulnerability to execute code in the context of the process.
Related
prion
prion
Design/Logic Flaw
2016-10-25 14:30:00
cve
cve
CVE-2016-5535
2016-10-25 14:30:10
cvelist
cvelist
CVE-2016-5535
2016-10-25 14:00:00
nvd
nvd
CVE-2016-5535
2016-10-25 14:30:10
nessus
nessus
Oracle WebLogic Server Java Object Deserialization RCE (October 2016 CPU)
2016-11-03 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities (October 2016 CPU)
2016-10-26 00:00:00
openvas
openvas
Oracle WebLogic Server Remote Code Execution Vulnerability (Nov 2016)
2016-11-02 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00