Oracle Weblogic Server (MOSC)

MOSC Banner

Impact from CVE-2022-42889 on Oracle 12.2.1.4 weblogic http server ( after oct 2022 patches)

Searching for CVE-2022-42889 ( apache commons-text*.jar) in oracle support returns no information regarding oracle http server in weblogic application server.

We are using oracle weblogic with oracle http server ( derived from apache webserver).

If we are searching the weblogic server directories we find several commons-text*.jar files.

Some of the names indicating the old unsafe versions like commons-text-1.6.jar ( below 1.10.0 is vulnerable).

Of cause we don't know what versions are really used.

Is weblogic 12.2.1.4 http server with october patches 2022 safe to use regarding the CVE-2022-42889 vulnerability, or is there a patch coming for this cve ??

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center