Oracle WebLogic Server Multiple Vulnerabilities (July 2016 CPU)

Critical Nessus Plugin ID 92460

Synopsis

An application server installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities :

- An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition.
(CVE-2016-3445)

- An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3499)

- A remote code execution vulnerability exists in the WLS Core component due to unsafe deserialize calls to the weblogic.corba.utils.MarshallObject object. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code.
(CVE-2016-3510)

- An unspecified flaw exists in the WLS Core component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3586)

Solution

Apply the appropriate patch according to the July 2016 Oracle Critical Patch Update advisory.

Oracle WebLogic Server Multiple Vulnerabilities (July 2016 CPU)

Critical Nessus Plugin ID 92460

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Exploitable With

Reference Information