Oracle Weblogic Insecure Deserialization with IIOP(CVE-2020-2551)

Overview: On January 14, 2020, Oracle disclosed the critical vulnerability CVE-2020-2551. The vulnerability was discovered in Oracle WebLogic Server, a component of Oracle Fusion Middleware, in its handling of the IIOP protocol. The flaw lay in the way WebLogic Server handled IIOP deserialization; it led to remote code execution over the IIOP protocol via a malicious JNDI lookup. Before looking into the vulnerability, …

Oracle WebLogic Server deserialization bug to remote code execution vulnerability (CVE-2020-2555)

Summary: Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. In the Oracle Critical Patch Update Advisory – January 2020, Oracle officially fixed a high-risk vulnerability (CVE-2020-2555) that affects the Oracle Coherence library in Oracle WebLogic Server. Description: This easily exploitable vulnerability allows an unauthenticated attacker with network access via the T3 protocol to …