Security Alert CVE-2015-4852 was released on November 10th, 2015.

Security Alert CVE-2015-4852 was released on November 10th, 2015. This vulnerability, which involves the Apache Commons and Oracle WebLogic Server, has received a CVSS Base Score of 7.5. Due to the severity of CVE-2015-4852, Oracle strongly recommends applying mitigation steps and patches as soon as available. The Security Alert Advisory for CVE-2015-4852 is the starting point for relevant information. This Security Alert provides mitigation recommendations to be implemented while awaiting the release of Oracle WebLogic Server patches. It includes links to other important documents that provide a list of affected products and the patch availability information. It is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches or mitigation instructions. The Security Alert Advisory is available at the following location: http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html Mitigation instructions are available at: https://support.oracle.com/rs?type=doc&id=2076338.1 WebLogic Server Patch Availability information will be updated at: https://support.oracle.com/rs?type=doc&id=2075927.1 All Oracle Critical Patch Updates and Security Alerts are available on the Oracle Technology Network at: http://www.oracle.com/technetwork/topics/security/alerts-086861.html Sincerely, Customer Support of Oracle Corporation Copyright © 2015, Oracle Corporation and/or its affiliates. All rights reserved. Contact Us | Legal Notices and Terms of Use | Privacy Statement