Oracle WebLogic WSAT Remote Code Execution
Critical Nessus Plugin ID 105484
SynopsisThe remote Oracle WebLogic server is affected by a remote code execution vulnerability.
DescriptionThe remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WSAT endpoint due to unsafe deserialization of XML encoded Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of the WebLogic server.
SolutionApply the appropriate patch according to the October 2017 Oracle Critical Patch Update advisory.