|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-06-17 | |
| Rule Name: | Oracle WebLogic Server Deserialization Remote Command Execution Vulnerability -4 (CVE-2019-2725) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows | |
| Reference: | SecurityFocusBID:108074 ExploitDB:46780 http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html https://support.f5.com/csp/article/K90059138 |
|
| Solutions |
|---|
| Oracle has released a patch on the official website. Please download the patch on https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html |