Oracle WebLogic WLS9-async Remote Code Execution (remote check)
Severity: High
Nessus Plugin ID 124338

Synopsis
The remote Oracle WebLogic server is affected by a remote code execution vulnerability.

Description
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS9-async component due to unsafe deserialization of XML encoded Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of the WebLogic server.

Solution
Apply the patch referenced in the vendor advisory.