| Rule General Information | |
|---|---|
| Release Date: | 2018-12-04 |
| Rule Name: | Oracle WebLogic Server DeploymentServiceServlet Insecure Deserialization Vulnerability (CVE-2018-3252) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. |
| Impact: | A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user account running WebLogic. |
| Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android |
| Reference: | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html; SecurityFocus BID: 105613; SecurityTracker ID: 1041896 |

| Solutions |
|---|
| The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2018. The vendor advisory is available at https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html |