Oracle WebLogic Multiple Java Object Deserialization RCE

Severity: Critical | Nessus Network Monitor Plugin ID 700244

Synopsis

The remote host is vulnerable to a Remote Code Execution (RCE) vulnerability.

Description

The remote host is running a version of Oracle WebLogic Server that is affected by multiple RCE vulnerabilities:

- A vulnerability exists that allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2018-2628)
- A deserialization vulnerability via XMLDecoder exists in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. (CVE-2019-2729)

Solution

Upgrade or patch according to vendor recommendations.

See Also

https://www.tenable.com/blog/critical-oracle-weblogic-server-flaw-still-not-patched

https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html

Plugin Details

Severity: Critical

ID: 700244

Family: Web Servers

Published: 5/3/2018

Updated: 6/21/2019

Nessus ID: 126051

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:weblogic_server

Patch Publication Date: 6/18/2019

Vulnerability Publication Date: 6/16/2019

Reference Information

CVE: CVE-2018-2628, CVE-2019-2729

BID: 103776, 108822