Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018
BID: 101304

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Problem

Oracle WebLogic Server has a vulnerability in the WLS Security (wls-wsat) component that could allow an unauthenticated remote attacker who has HTTP access to the server to execute remote code.

Resolution

Apply the update referenced in the Oracle Critical Patch Update Advisory for October 2017.

References

https://www.exploit-db.com/exploits/43458/

Limitations

Exploit works on Oracle WebLogic 10.3.6.0.0 running on Oracle Linux 6.8 and Ubunutu 14.04.4 LTS.

Platforms

Windows
Linux / Ubuntu / Red Hat / Fedora / CentOS / FreeBSD / OpenBSD / NetBSD / AIX / SunOS / HP-UX / DragonFly / Darwin

Back to exploit index