|
|||
Rule General Information |
---|
Release Date: | 2019-06-17 | |
Rule Name: | Oracle WebLogic Server Deserialization Remote Command Execution Vulnerability -4 (CVE-2019-2725) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. | |
Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows | |
Reference: | SecurityFocusBID:108074 ExploitDB:46780 http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html https://support.f5.com/csp/article/K90059138 |
|
Solutions |
---|
Oracle has released a patch on the official website. Please download the patch on https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html |