Oracle WebLogic Java Object Deserialization RCE
Critical Nessus Plugin ID 87011
Synopsis
The remote Oracle WebLogic server is affected by a remote code execution vulnerability.
Description
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls on unauthenticated Java objects passed to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary Java code in the context of the WebLogic server.
Solution
Upgrade to the relevant fixed version referenced in the vendor advisory.