Oracle WebLogic Remote Code Execution Vulnerability (CVE-2019-2725) Patch Bypass Threat Alert

June 18, 2019


Recently, the NSFOCUS security team found that an Oracle WebLogic vulnerability is being exploited in the wild. Its attack signature is similar to that of the CVE-2019-2725 vulnerability, and the attack can bypass the latest security patch released by Oracle in April. The vulnerability exists because deserialized information is not properly sanitized when it is handled. By sending a crafted malicious HTTP request, attackers could exploit this vulnerability to gain server privileges and remotely execute arbitrary code without authorization.


Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability Threat Alert

May 3, 2019

1 Vulnerability Overview

On April 17, the China National Vulnerability Database (CNVD) published details of a remote code execution vulnerability in Oracle WebLogic Server. The vulnerability exists in the wls9_async_response.war component that ships with Oracle WebLogic Server, because this component fails to properly deserialize input information. An unauthorized attacker could exploit this vulnerability to gain server privileges for remote code execution by sending a carefully crafted malicious HTTP request.