Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019
CVE: CVE-2019-2725
BID: 108074

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Problem

Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.

Resolution

Apply the patch referenced in the Oracle Security Alert Advisory - CVE-2019-2725.

References

https://github.com/fuhei/CNVD-C-2019-48814/blob/master/CNVD-C-2019-48814.py

Limitations

Platforms

Windows
Linux

Back to exploit index