Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:0777B19952D5529B80996752448938D9
HistoryJan 09, 2018 - 12:00 a.m.

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

2018-01-0900:00:00
SAINT Corporation
download.saintcorporation.com
512
JSON

Added: 01/09/2018
BID: 101304

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Problem

Oracle WebLogic Server has a vulnerability in the WLS Security (wls-wsat) component that could allow an unauthenticated remote attacker who has HTTP access to the server to execute remote code.

Resolution

Apply the update referenced in the Oracle Critical Patch Update Advisory for October 2017.

References

<https://www.exploit-db.com/exploits/43458/&gt;

Limitations

Exploit works on Oracle WebLogic 10.3.6.0.0 running on Oracle Linux 6.8 and Ubunutu 14.04.4 LTS.

Platforms

Windows
Linux / Ubuntu / Red Hat / Fedora / CentOS / FreeBSD / OpenBSD / NetBSD / AIX / SunOS / HP-UX / DragonFly / Darwin

JSON