CVE-2015-4852 PoC — Oracle WebLogic Server WLS Security组件安全漏洞

Source

https://github.com/zhzhdoai/Weblogic_Vuln

Associated Vulnerability

Title:Oracle WebLogic Server WLS Security组件安全漏洞 (CVE-2015-4852)
Description:The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Description

CVE-2015-4852、CVE-2016-0638、CVE-2016-3510、CVE-2019-2890漏洞POC

Readme

# Preface
      文章详细分析了Weblogic历史从CVE-2015至CVE-2019相关历史漏洞，并整理相关POC于[Weblogic_Vuln](https://github.com/zhzhdoai/Weblogic_Vuln.git).记录学习Java反序列化漏洞的心得笔记.欢迎start、issue.
  
  
# Weblogic_Vuln
    CVE-2015-4852、CVE-2016-0638、CVE-2016-3510、CVE-2019-2890漏洞POC持续跟新...

# Env
- Jdk7u21
- 10.3.6.0
- debian

# Paper
    [Weblogic T3反序列化历史漏洞(一)](https://zhzhdoai.github.io/2020/08/10/Weblogic-T3%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%8E%86%E5%8F%B2%E6%BC%8F%E6%B4%9E-%E4%B8%80/)

File Snapshot


 [4.0K]  /data/pocs/07151f4b014f85f7850518a26c71847543d64216
├── [ 588]  README.md
└── [4.0K]  Weblogic_Vuln
    ├── [  80]  CVE-2016-0638.iml
    ├── [4.0K]  lib
    │   ├── [ 99K]  com.bea.core.logging_1.9.0.0.jar
    │   ├── [104K]  com.bea.core.management.core_2.9.0.1.jar
    │   ├── [1.4M]  com.oracle.core.weblogic.msgcat_1.2.0.0.jar
    │   ├── [2.4M]  cryptoj.jar
    │   ├── [872K]  glassfish.jaxb_1.1.0.0_2-1-14.jar
    │   ├── [ 35M]  weblogic.jar
    │   ├── [764K]  wljmsclient.jar
    │   ├── [3.1M]  wlthint3client.jar
    │   └── [ 54M]  ysoserial-master-30099844c6-1.jar
    ├── [ 799]  pom.xml
    ├── [4.0K]  src
    │   └── [4.0K]  main
    │       └── [4.0K]  java
    │           ├── [4.0K]  com
    │           │   └── [4.0K]  weblogcVul
    │           │       ├── [2.6K]  CVE_2015_4852.java
    │           │       ├── [2.9K]  CVE_2016_0638.java
    │           │       ├── [2.9K]  CVE_2016_3510.java
    │           │       └── [1.9K]  CVE_2019_2890.java
    │           └── [4.0K]  weblogic
    │               ├── [4.0K]  corba
    │               │   └── [4.0K]  utils
    │               │       └── [2.8K]  MarshalledObject.java
    │               ├── [4.0K]  jms
    │               │   └── [4.0K]  common
    │               │       └── [ 38K]  StreamMessageImpl.java
    │               └── [4.0K]  wsee
    │                   └── [4.0K]  jaxws
    │                       └── [4.0K]  persistence
    │                           ├── [1.4K]  EncryptionUtil.java
    │                           └── [9.0K]  PersistentContext.java
    └── [4.0K]  target
        └── [4.0K]  classes
            ├── [4.0K]  com
            │   └── [4.0K]  weblogcVul
            │       ├── [3.2K]  CVE_2015_4852.class
            │       ├── [3.4K]  CVE_2016_0638.class
            │       ├── [3.4K]  CVE_2016_3510.class
            │       └── [2.8K]  CVE_2019_2890.class
            └── [4.0K]  weblogic
                ├── [4.0K]  corba
                │   └── [4.0K]  utils
                │       ├── [1.2K]  MarshalledObject$MarshalledObjectOutputStream.class
                │       └── [2.0K]  MarshalledObject.class
                ├── [4.0K]  jms
                │   └── [4.0K]  common
                │       └── [ 23K]  StreamMessageImpl.class
                └── [4.0K]  wsee
                    └── [4.0K]  jaxws
                        └── [4.0K]  persistence
                            ├── [1.6K]  EncryptionUtil.class
                            ├── [1.3K]  PersistentContext$State.class
                            └── [8.8K]  PersistentContext.class

27 directories, 30 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!