{"id":1205,"date":"2018-04-20T17:56:15","date_gmt":"2018-04-20T17:56:15","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=1205"},"modified":"2018-04-20T17:56:15","modified_gmt":"2018-04-20T17:56:15","slug":"oracle-weblogic-server-rce-deserialization-vulnerability-analysis","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/","title":{"rendered":"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis"},"content":{"rendered":"<p>On April 17<sup>th<\/sup> local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization vulnerability (CVE-2018-2628), via which attackers can remotely execute arbitrary code in an unauthorized manner.<\/p>\n<p>Reference link:<\/p>\n<p><a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2018-3678067.html\"><strong>http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2018-3678067.html<\/strong><\/a><\/p>\n<h2>Affected Versions<\/h2>\n<ul>\n<li>WebLogic 10.3.6.0<\/li>\n<li>WebLogic 12.1.3.0<\/li>\n<li>WebLogic 12.2.1.2<\/li>\n<li>WebLogic 12.2.1.3<\/li>\n<\/ul>\n<p>According to data on the NSFOCUS Threat Intelligence center (NTI), as many as 19,229 assets around the world have the WebLogic service publicly accessible from the Internet.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Asset-distribution.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-1206\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Asset-distribution.png\" alt=\"\" width=\"834\" height=\"432\" \/><\/a><\/p>\n<h2>Technical Solutions<\/h2>\n<h3>Self Check<\/h3>\n<p>Run the following commands to check whether the current WebLogic version is affected by this vulnerability:<\/p>\n<p>$ cd \/lopt\/bea92sp2\/weblogic92\/server\/lib<\/p>\n<p>$java -cp weblogic.jar weblogic.version<\/p>\n<p>Then check whether port 7001 (default port of WebLogic) is publicly accessible.<\/p>\n<h3>Official Fix<\/h3>\n<p>Oracle has fixed this vulnerability in the CPU released in April. Users are advised to download the latest update as soon as possible.<\/p>\n<p>Reference link: <a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2018-3678067.html\"><strong>http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2018-3678067.html<\/strong><\/a><\/p>\n<p>Note: Official patches of Oracle can be downloaded only by those with a licensed account of the software. Such users can use that account to log in to <a href=\"https:\/\/support.oracle.com\/\">https:\/\/support.oracle.com<\/a> to obtain the latest patch.<\/p>\n<h3>Workaround<\/h3>\n<p>To exploit the CVE-2018-2628 vulnerability, the first step is to establish a socket connection with the T3 service available on the service port of WebLogic Server. Therefore, the attack can be blocked by controlling access to the T3 protocol. WebLogic Server provides a default connection filter called weblogic.security.net.ConnectionFilterImpl. This filter accepts all inbound connections. It is advisable to configure a rule through this filter to control access to T3 and T3S protocols.<\/p>\n<ol>\n<li>Access the administration console of WebLogic Server. Click <strong>base_domain<\/strong> in the left pane and then click the <strong>Security<\/strong> and <strong>Filter<\/strong> tabs successively to open the filter configuration page.<\/li>\n<li>Type <strong>weblogic.security.net.ConnectionFilterImpl<\/strong> in the <strong>Connection Filter<\/strong> field and <strong>* * 7001 deny t3 t3s<\/strong> in the <strong>Connection Filter Rules<\/strong> field.<\/li>\n<li>Click <strong>Save<\/strong>. Then this rule takes effect immediately without needing a restart.<\/li>\n<\/ol>\n<table>\n<tbody>\n<tr>\n<td width=\"546\">Connection filter rules should be provided in the format of &#8220;target localAddress localPort action protocols&#8221;, where<\/p>\n<ul>\n<li><strong>target <\/strong>indicates one or more servers to be filtered.<\/li>\n<li><strong>localAddress<\/strong> specifies the host address of the server. (An asterisk (*) indicates all local IP addresses.)<\/li>\n<li><strong>localPort<\/strong> specifies the port that the server is listening on. (An asterisk (*) indicates all ports available on the server.)<\/li>\n<li><strong>action<\/strong> specifies the action to be taken. (The value must be <strong>allow<\/strong> or <strong>deny<\/strong>.)<\/li>\n<li><strong>protocols<\/strong> specifies the protocols to be filtered. (The value must be <strong>http<\/strong>, <strong>https<\/strong>, <strong>t3<\/strong>, <strong>t3s<\/strong>, <strong>giop<\/strong>, <strong>giops<\/strong>, <strong>dcom<\/strong>, and\/or <strong>ftp<\/strong>.) If no protocol is specified, all protocols will be filtered.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>NSFOCUS&#8217;s Recommendations<\/h2>\n<h3>\u00a0\u00a0\u00a0 Use NSFOCUS&#8217;s detection products or services to detect the vulnerability:<\/h3>\n<ol>\n<li>For Internet-facing assets, use the emergency vulnerability detection service of NSFOCUS Cloud to check for the vulnerability online. The service is available at the following link: <strong><a href=\"https:\/\/cloud.nsfocus.com\/#\/krosa\/views\/initcdr\/productandservice?page_id=12\">https:\/\/cloud.nsfocus.com\/#\/krosa\/views\/initcdr\/productandservice?page_id=12<\/a><\/strong><\/li>\n<li>For internal assets, use NSFOCUS IDS, RSAS V6, and WVSS to check for the vulnerability:<\/li>\n<\/ol>\n<ul>\n<li>Network Intrusion Detection System (NIDS): <a href=\"http:\/\/update.nsfocus.com\/update\/listIds\"><strong>http:\/\/update.nsfocus.com\/update\/listIds<\/strong><\/a><\/li>\n<li>Remote Security Assessment System (RSAS V6): <a href=\"http:\/\/update.nsfocus.com\/update\/listRsasDetail\/v\/vulweb\"><strong>http:\/\/update.nsfocus.com\/update\/listRsasDetail\/v\/vulweb<\/strong><\/a><\/li>\n<\/ul>\n<ul>\n<li>Web Vulnerability Scanning System (WVSS):<b> <a href=\"http:\/\/update.nsfocus.com\/update\/listWvssDetail\/v\/6\/t\/plg\"><strong>http:\/\/update.nsfocus.com\/update\/listWvssDetail\/v\/6\/t\/plg<\/strong><\/a><\/b><\/li>\n<\/ul>\n<p>You should upgrade your devices to the latest version by downloading upgrade packages from the preceding links before using them to detect vulnerabilities.<\/p>\n<h3>\u00a0\u00a0\u00a0 Use NSFOCUS&#8217;s protection product (NIPS or NF) to protect against the vulnerability:<\/h3>\n<ul>\n<li>Network Intrusion Prevention System (NIPS): <a href=\"http:\/\/update.nsfocus.com\/update\/listIps\"><strong>\u00a0http:\/\/update.nsfocus.com\/update\/listIps<\/strong><\/a><\/li>\n<li>Next-Generation Firewall (NF): <a href=\"http:\/\/update.nsfocus.com\/update\/listNf\"><strong>http:\/\/update.nsfocus.com\/update\/listNf<\/strong><\/a><\/li>\n<\/ul>\n<p>You should upgrade your devices to the latest version by downloading upgrade packages from the preceding links before using them for protection.<\/p>\n<h3>\u00a0\u00a0\u00a0 Identification of Affected Internet Assets<\/h3>\n<p>NTI provides the function of querying network assets publicly accessible from the Internet. Enterprise users can use NTI to query which ports on their assets are opened, thereby finding out whether any assets are affected by this vulnerability.<\/p>\n<p>NTI also provides the Internet asset audit service, enabling enterprise customers to learn the security of and changes in their assets in a timely manner. For details about the service, please contact <a href=\"mailto:NTI@nsfocus.com\">NTI@nsfocus.com.<\/a><\/p>\n<h2>Technical Analysis<\/h2>\n<p>&nbsp;<\/p>\n<p>The T3 service decapsulates the object structure. Through successive readObject operations, it finally reaches port 1099 of the server involved in the second step and requests the malicious code.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Vuln-analysis.png\"><img decoding=\"async\" class=\"alignnone size-large wp-image-1208\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Vuln-analysis-1024x283.png\" alt=\"\" width=\"640\" height=\"177\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Vuln-analysis-1024x283.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Vuln-analysis-300x83.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Vuln-analysis-768x213.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Vuln-analysis.png 1120w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>The calculator then pops up.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/calculator-pops-up.png\"><img decoding=\"async\" class=\"alignnone size-large wp-image-1207\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/calculator-pops-up-1024x332.png\" alt=\"\" width=\"640\" height=\"208\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/calculator-pops-up-1024x332.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/calculator-pops-up-300x97.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/calculator-pops-up-768x249.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/calculator-pops-up.png 1177w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p>WebLogic has blacklisted all PoC vulnerabilities exposed on the Internet. However, this blacklist can be bypassed through manual intervention. Let&#8217;s see how resolveProxyClass in InboundMsgAbbrev is implemented. This class is responsible for handling RMI interfaces, but it only adds java.rmi.registry.Registry to the blacklist. Therefore, attackers can easily bypass the blacklist by using other RMI interfaces.<\/p>\n<table style=\"height: 706px;\" width=\"669\">\n<tbody>\n<tr>\n<td width=\"568\">protected\u00a0Class&lt;?&gt;\u00a0resolveProxyClass(String[]\u00a0interfaces)\u00a0throws\u00a0IOException,\u00a0ClassNotFoundException\u00a0{<\/p>\n<p>String[]\u00a0arr$\u00a0=\u00a0interfaces;<\/p>\n<p>int\u00a0len$\u00a0=\u00a0interfaces.length;<\/p>\n<p>&nbsp;<\/p>\n<p>for(int\u00a0i$\u00a0=\u00a00;\u00a0i$\u00a0&lt;\u00a0len$;\u00a0++i$)\u00a0{<\/p>\n<p>String\u00a0intf\u00a0=\u00a0arr$[i$];<\/p>\n<p>if(intf.equals(&#8220;java.rmi.registry.Registry&#8221;))\u00a0{<\/p>\n<p>throw\u00a0new\u00a0InvalidObjectException(&#8220;Unauthorized\u00a0proxy\u00a0deserialization&#8221;);<\/p>\n<p>}<\/p>\n<p>}<\/p>\n<p>&nbsp;<\/p>\n<p>return\u00a0super.resolveProxyClass(interfaces);<\/p>\n<p>}<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization vulnerability (CVE-2018-2628), via which attackers can remotely execute arbitrary code in an unauthorized manner. Reference link: http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2018-3678067.html Affected Versions WebLogic 10.3.6.0 WebLogic 12.1.3.0 WebLogic 12.2.1.2 WebLogic 12.2.1.3 According to data on the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1311,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-1205","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-events"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Oracle WebLogic Server RCE Deserialization Vulnerability Analysis - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-20T17:56:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-05-07-at-10.09.20.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-05-07-at-10.09.20.png\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis\",\"datePublished\":\"2018-04-20T17:56:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/\"},\"wordCount\":852,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/Screen-Shot-2018-05-07-at-10.09.20.png\",\"articleSection\":[\"Global Events\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/\",\"name\":\"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/Screen-Shot-2018-05-07-at-10.09.20.png\",\"datePublished\":\"2018-04-20T17:56:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/Screen-Shot-2018-05-07-at-10.09.20.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/Screen-Shot-2018-05-07-at-10.09.20.png\",\"width\":966,\"height\":352,\"caption\":\"Terminal window showing Java command execution.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis - NSFOCUS","og_description":"On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization","og_url":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/","og_site_name":"NSFOCUS","article_published_time":"2018-04-20T17:56:15+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-05-07-at-10.09.20.png","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis - NSFOCUS","twitter_description":"On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-05-07-at-10.09.20.png","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis","datePublished":"2018-04-20T17:56:15+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/"},"wordCount":852,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-05-07-at-10.09.20.png","articleSection":["Global Events"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/","url":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/","name":"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-05-07-at-10.09.20.png","datePublished":"2018-04-20T17:56:15+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-05-07-at-10.09.20.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-05-07-at-10.09.20.png","width":966,"height":352,"caption":"Terminal window showing Java command execution."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/oracle-weblogic-server-rce-deserialization-vulnerability-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"Oracle WebLogic Server RCE Deserialization Vulnerability Analysis"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/1205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=1205"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/1205\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/1311"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=1205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=1205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=1205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}