Ubuntu Security Notice 6936-1 - It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code.
915864c106ba1f20dec42a0e6d56fbfeba7b088c4b12b3f58c4bd561ac9b887b
This Metasploit module demonstrates that an unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.jms.common.StreamMessag eImpl) to the interface to execute code on vulnerable hosts.
e9fa1048c7115283a85c77ab6fc28657f1c314f5367d3be58cd22dda512105d6
This exploit tests the target Oracle WebLogic Server for Java Deserialization remote code execution vulnerability. The ysoserial payload causes the target to send Ping requests to the attacking machine. You can monitor ICMP ECHO requests on your attacking machine using TCPDump to know if the exploit was successful. Feel free to modify the payload (chunk2) with that of your choice. Do not worry about modifying the payload length each time you change the payload as this script will do it for you on the fly. Versions affected include 10.3.6.0, 12.1.2.0, 12.1.3.0 and 12.2.1.0.
ac556f1550022f3147ba71eb384d81217f8f01394258077e4047ca66a5f06464