WebLogic Security Alert

Oracle released a WebLogic security alert (CVE-2015-4852) yesterday that affects the T3 and T3S protocol. The patch will be released soon, but there are some steps you can take to mitigate the vulnerability.

If you aren’t familiar with the T3 protocol, it is used to communicate between the JVM and WebLogic. It is proprietary to WebLogic can improve performance for java applications that use JDBC connections.

From Oracle’s post on the vulnerability:

Oracle WebLogic Server, versions,,, are affected.

  • Mitigation recommendations are available at MOS Note 2076338.1, and will be updated as new information becomes available.
  • Creation of Oracle WebLogic Server patches is in progress. Patch Availability information will be updated at MOS Note 2075927.1

One thought on “WebLogic Security Alert

Comments are closed.