Oracle WebLogic Server Deserialization RCE (CVE-2018-2893)
Severity: High
Nessus Plugin ID: 111665

Synopsis
The remote Oracle WebLogic server is affected by a remote code execution vulnerability.

Description
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of the WebLogic server.

Solution
Apply the appropriate patch according to the July 2018 Oracle Critical Patch Update advisory.