Impact from CVE-2022-42889 on Oracle 12.2.1.4 weblogic http server ( after oct 2022 patches)
Searching for CVE-2022-42889 ( apache commons-text*.jar) in oracle support returns no information regarding oracle http server in weblogic application server.
We are using oracle weblogic with oracle http server ( derived from apache webserver).
If we are searching the weblogic server directories we find several commons-text*.jar files.
Some of the names indicating the old unsafe versions like commons-text-1.6.jar ( below 1.10.0 is vulnerable).
Of cause we don't know what versions are really used.
Is weblogic 12.2.1.4 http server with october patches 2022 safe to use regarding the CVE-2022-42889 vulnerability, or is there a patch coming for this cve ??