This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Oracle WebLogic server is affected by a remote code
The remote Oracle WebLogic Server is affected by a remote code
execution vulnerability in the Java Messaging Service subcomponent in
the readExternal() function due to improper sanitization of
user-supplied input. An unauthenticated, remote attacker can exploit
this, via a crafted object payload, to bypass the ClassFilter.class
blacklist and execute arbitrary Java code in the context of the
See also :
Apply the appropriate patch according to the April 2016 Oracle
Critical Patch Update advisory.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true