Oracle WebLogic Server BadAttributeValueExpException deserialization
Added: 05/27/2020
CVE: CVE-2020-2555
Background
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
Problem
A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpException object over the T3 protocol.
Resolution
Apply the patch referenced in Oracle Critical Patch Update Advisory - January 2020.
References
https://www.oracle.com/security-alerts/cpujan2020.html
Limitations
Exploit works on Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0 on Windows.
Platforms
Windows