A deserialization vulnerability in Oracle WebLogic has been disclosed by multiple 3rd party researchers and organizations. The vulnerability allows unauthenticated attackers to compromise WebLogic server via T3 protocol. The affected component is WLS Core components. Upon successful exploitation an attacker can take over the target server via remote code execution .CVE-2018-2893 has been assigned to … Continue reading “Oracle WebLogic Deserialization Vulnerability : CVE-2018-2893”
Tag: CVE-2018-2628
Oracle WebLogic Deserialization Vulnerability : CVE-2018-2628
A deserialization vulnerability was discovered in Oracle WebLogic server’s core components. Upon successful exploitation an attacker can take control of the target server. The exploit targets the server by sending a custom serialized object using T3 protocol and achieves remote arbitrary code execution. T3 and T3S(T3 over TLS) protocol is used to exchange data between … Continue reading “Oracle WebLogic Deserialization Vulnerability : CVE-2018-2628”