AnsweredAssumed Answered

QID 86340

Question asked by Laurence O'Toole on Nov 16, 2015

New QID 86340 for WebLogic.  Oracle describes this vulerability as follows:  "CVE-2015-4852 remote code execution vulnerability in Oracle WebLogic Server can be exploited through WebLogic Server’s T3 protocol, over which malicious serialized payloads can be delivered. This vulnerability can be mitigated by preventing clients from accessing ports listening for the T3 protocol."

It appears that Qualys is using the WebLogic version to report this as a vulnerability rather than utilizing the T3 protocol to verify the vulnerability exists.  Can you please confirm that this is the case?