Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:293AA64C24A0D34805A3723EE0A2A9EA
HistoryJan 09, 2018 - 12:00 a.m.

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

2018-01-0900:00:00
SAINT Corporation
download.saintcorporation.com
17
JSON

Added: 01/09/2018
BID: 101304

Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform.

Problem

Oracle WebLogic Server has a vulnerability in the WLS Security (wls-wsat) component that could allow an unauthenticated remote attacker who has HTTP access to the server to execute remote code.

Resolution

Apply the update referenced in the Oracle Critical Patch Update Advisory for October 2017.

References

<https://www.exploit-db.com/exploits/43458/&gt;

Limitations

Exploit works on Oracle WebLogic 10.3.6.0.0 running on Oracle Linux 6.8 and Ubunutu 14.04.4 LTS.

Platforms

Windows
Linux / Ubuntu / Red Hat / Fedora / CentOS / FreeBSD / OpenBSD / NetBSD / AIX / SunOS / HP-UX / DragonFly / Darwin

JSON