CVE-2015-4852 Patch Availability Document for Oracle WebLogic Server Component of Oracle Fusion Middleware


Posted by Patrick Hamou on 2017:09:28 19:30:17

APPLIES TO: Oracle WebLogic Server, Oracle Fusion Middleware

Oracle WebLogic Server - Version 10.3.6 to 12.2.1.0.0
Oracle Fusion Middleware
Oracle WebLogic Server - Version 10.3 to 10.3
Information in this document applies to any platform.
This applies to any product deployment using Oracle WebLogic Server

PURPOSE: Oracle WebLogic Server component of Oracle Fusion Middleware

This document defines minimum releases and patches for the Oracle WebLogic Server component of Oracle Fusion Middleware to address the vulnerability described in the Oracle Security Alert for CVE-2015-4852:  http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html

DETAILS: Oracle Security Alert, CVE-2015-4852

It is important to read the Oracle Security Alert before reading this document. The table below defines minimum releases and patches for Oracle WebLogic Server. 

See also Note 2076338.1 CVE-2015-4852 Mitigation Recommendations for Oracle WebLogic Server Component of Oracle Fusion Middleware

  • January 2016 CPU Update: Beginning January 2016, CVE-2015-4852 fixes are included in the following Patch Set Update (PSU) releases and higher:
    • 12.2.1.0.1
    • 12.1.3.0.6
    • 12.1.2.0.8
    • 10.3.6.0.13

    To obtain the latest cumulative PSU, refer to the Critical Patch Update program at http://www.oracle.com/technetwork/topics/security/alerts-086861.html. Review the latest Advisory and click the "Fusion Middleware" link within it to obtain the latest cumulative Patch Availability Document.
 

  • Important: If you have a version older than 10.3.6 or 12.1.2, you must upgrade as per the Error Correction Policy: Note 950131.1, "Error Correction Support Dates for Oracle WebLogic Server".
  • The initial patching requirements from November 2015 are listed below with patch links for all versions under error correction support:

 

WLS Release | Required Patches
------------|-----------------
12.2.1.0    | 12.2.1.0.0 Patch 22248372 for CVE-2015-4852
12.1.3.0    | PSU 12.1.3.0.5 (Patch 21370953) + 12.1.3.0.5 Patch 22248372 for CVE-2015-4852
12.1.2.0    | PSU 12.1.2.0.7 (Patch 21364493) + 12.1.2.0.7 Patch 22248372 for CVE-2015-4852
10.3.6.0    | PSU 10.3.6.0.12 (Patch 20780171) + 10.3.6.0.12 Patch 22248372 for CVE-2015-4852

o    Patches are not password protected for versions listed above. Older versions are now expired.

o    Due to issues with linking to the standard My Oracle Support patch download page, the above links go to an alternative updates.oracle.com location. If you have firewall rules on your network, you should adjust accordingly for the links to work.

o    You may also access these patches by going to the "Patches and Updates" tab, searching on the above patch numbers, and selecting your version.
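
As an added example (not part of Oracle's document), the Python below encodes the PSU list and release table above to triage an inventory of WebLogic Server versions. It assumes each version is a dotted string whose fifth field is the PSU level and that applied one-off patch numbers come from your own inventory; the function names, status labels, and sample rows are hypothetical.

```python
# Added example: triage WebLogic versions against the patch levels in this document.
# Assumption: versions are dotted strings whose fifth field is the PSU level.
FIXED_PSU = {  # January 2016 PSU levels that include the CVE-2015-4852 fix
    (12, 2, 1, 0): 1,
    (12, 1, 3, 0): 6,
    (12, 1, 2, 0): 8,
    (10, 3, 6, 0): 13,
}
INTERIM_PSU = {  # November 2015 PSU level that one-off Patch 22248372 applies to
    (12, 2, 1, 0): 0,
    (12, 1, 3, 0): 5,
    (12, 1, 2, 0): 7,
    (10, 3, 6, 0): 12,
}
ONE_OFF_PATCH = "22248372"


def parse_version(text):
    """Return a 5-tuple of ints, zero-padding short strings such as '10.3'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 5:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (5 - len(parts)))


def assess(version, applied_patches=()):
    """Classify one server; the status strings are labels made up for this example."""
    v = parse_version(version)
    release, psu = v[:4], v[4]
    if release not in FIXED_PSU:
        # The document requires an upgrade for versions older than 10.3.6 or 12.1.2;
        # releases newer than 12.2.1.0 are outside what this document covers.
        return "upgrade-required" if release < (12, 2, 1, 0) else "not-covered"
    if psu >= FIXED_PSU[release]:
        return "fixed-by-psu"
    if psu == INTERIM_PSU[release] and ONE_OFF_PATCH in set(applied_patches):
        return "fixed-by-one-off"
    return "needs-patch"  # below the interim PSU, or the one-off patch is missing


if __name__ == "__main__":
    # Constructed inventory rows: (host, version, applied one-off patches)
    inventory = [
        ("app01", "10.3.6.0.12", ["22248372"]),
        ("app02", "12.1.3.0.4", ["22248372"]),
        ("app03", "10.3.5", []),
    ]
    for host, ver, patches in inventory:
        print(f"{host:6} {ver:12} {assess(ver, patches)}")
```

A one-off patch recorded against a PSU level lower than the one in the table is reported as `needs-patch`, because the table lists Patch 22248372 per specific PSU level.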
