Tag: Oracle

Oracle WebLogic Remote Upload Vulnerability : CVE-2018-2894

Posted by Author Deepak Shanker on Posted on

In the month of July 2018 Oracle had released advisory addressing many vulnerabilities in its suit of products. In this post will discuss about CVE-2018-2894. It is a remote file upload vulnerability in WebLogic server due to  improper authentication enforcement. Normally this page should not be accessible without authentication. The affected versions are 10.3.6.0, 12.1.3.0, 12.2.1.2, … Continue reading “Oracle WebLogic Remote Upload Vulnerability : CVE-2018-2894”

Oracle WebLogic Deserialization Vulnerability : CVE-2018-2628

Posted by Author Deepak Shanker on Posted on

A deserialization vulnerability was discovered in Oracle WebLogic server’s core components. Upon successful exploitation an attacker can take control of the target server. The exploit targets the server by sending a custom serialized object using T3 protocol and achieves remote arbitrary code execution. T3 and T3S(T3 over TLS) protocol is used to exchange data between … Continue reading “Oracle WebLogic Deserialization Vulnerability : CVE-2018-2628”