| Rule General Information | |
|---|---|
| Release Date: | 2018-11-12 |
| Rule Name: | Oracle WebLogic Server AbstractPlatformTransactionManager Insecure Deserialization Vulnerability -2 (CVE-2018-3191) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. This easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. |
| Affected OS: | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android |
| Reference: | http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html; SecurityFocus BID: 105613; SecurityTracker ID: 1041896 |

| Solutions |
|---|
| The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2018. The vendor advisory is available at https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html |