{"id":7648,"date":"2018-04-18T17:42:32","date_gmt":"2018-04-18T17:42:32","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=1198"},"modified":"2025-07-09T08:26:33","modified_gmt":"2025-07-09T08:26:33","slug":"oracle-weblogic-server-rce-deserialization-vulnerability","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/oracle-weblogic-server-rce-deserialization-vulnerability\/","title":{"rendered":"Oracle WebLogic Server RCE Deserialization Vulnerability"},"content":{"rendered":"<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/34535.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-1199\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2018\/04\/34535.png\" alt=\"\" width=\"416\" height=\"233\" \/><\/a><\/p>\n<p>On 17 April (California local time), Oracle released its Critical Patch Update (CPU) Advisory, which disclosed a critical WebLogic deserialization vulnerability (CVE-2018-2628) allowing remote code execution without authorization.<\/p>\n<p>This vulnerability was first discovered by an NSFOCUS researcher, who reported it to Oracle immediately. More information about this vulnerability together with NSFOCUS\u2019s technical protection solution will be released soon on the blog.<\/p>\n<p>Reference link:<\/p>\n<p><a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2018-3678067.html\"><strong>http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2018-3678067.html<\/strong><\/a><\/p>\n<h3>Affected versions:<\/h3>\n<ul>\n<li>WebLogic 10.3.6.0<\/li>\n<li>WebLogic 12.1.3.0<\/li>\n<li>WebLogic 12.2.1.2<\/li>\n<li>WebLogic 12.2.1.3<\/li>\n<\/ul>\n<p>Earlier versions that Oracle no longer supports are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities.
As a result, Oracle recommends that customers upgrade to supported versions.<\/p>\n<h3><span style=\"color: #000000;\">Recommended Solutions<\/span><\/h3>\n<p>Oracle has released patches in the Critical Patch Update. Users affected by this vulnerability are advised to fix it as soon as possible.<\/p>\n<p>Note: An official licensed account is needed to download the latest patches from the Oracle website <a href=\"https:\/\/support.oracle.com\/\"><strong>https:\/\/support.oracle.com<\/strong><\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 17 April (California local time), Oracle released its Critical Patch Update (CPU) Advisory, which disclosed a critical WebLogic deserialization vulnerability (CVE-2018-2628) allowing remote code execution without authorization. This vulnerability was first discovered by an NSFOCUS researcher, who reported it to Oracle immediately. More information about this vulnerability together with NSFOCUS\u2019s technical [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1315,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[],"class_list":["post-7648","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response"],"acf":[],"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=7648"}],"version-history":[{"count":1,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7648\/revisions"}],"predecessor-version":[{"id":32659,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/7648\/revisions\/32659"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/1315"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=7648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=7648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=7648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}