Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:ORACLE:WL-LIMFILTER-INS-DES |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Oracle Weblogic LimitFilter Insecure Deserialization |
Release Date |
2020/03/24 |
Update Number |
3265 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Oracle Weblogic LimitFilter Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against Oracle Weblogic. Successful exploitation could result in code execution on the target machine.
Extended Description
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected Products
- Oracle fusion_middleware 12.2.1.3.0
- Oracle fusion_middleware 12.2.1.4.0
- Oracle fusion_middleware 12.2.3.0.0
References