Oracle WebLogic Server deserialization remote code execution
Added: 05/02/2019
CVE: CVE-2019-2725
BID: 108074
Background
Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.
Problem
The Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in the Web Services subcomponent, which allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
Resolution
Apply the patch referenced in the Oracle Security Alert Advisory - CVE-2019-2725.
References
https://github.com/fuhei/CNVD-C-2019-48814/blob/master/CNVD-C-2019-48814.py
Limitations
Platforms
Windows
Linux