'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:717193)

Rule General Information
Release Date: 2025-11-12
Rule Name: Weblogic T3 Protocol Deserialization Vulnerability Detection (CVE-2020-3245)
Severity:
CVE ID:
Rule Protection Details
Description: Oracle WebLogic Server’s proprietary T3 protocol is designed for internal RMI communication between server instances. Attackers who can reach the T3 port can embed malicious serialized Java objects inside the protocol stream. When the server deserializes these objects during its normal RMI handshake, it may instantiate attacker-supplied classes that execute arbitrary code in the JVM security context of the WebLogic process. Successful exploitation grants the adversary operating-system privileges equal to the WebLogic service account, enabling complete takeover of the middleware host, lateral movement into backend databases, and the ability to tamper with or shut down business applications that rely on the WebLogic tier.
Impact: An attacker can carefully construct malicious serialized data and pass it to the application, and execute the malicious code constructed by the attacker when the application deserializes the object.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.