Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.

Resolution

Apply the patch referenced in the Oracle Security Alert Advisory - CVE-2019-2725.

References

<https://github.com/fuhei/CNVD-C-2019-48814/blob/master/CNVD-C-2019-48814.py>

Limitations

Platforms

Windows
Linux

f5 1

exploitpack 1

attackerkb 1

myhack58 2

githubexploit 10

saint 2

zdt 2

prion 1

checkpoint_advisories 1

packetstorm 1

talosblog 4

cvelist 1

nessus 2

metasploit 1

cisa_kev 1

cve 1

nuclei 1

threatpost 9

thn 7

cisa 2

qualysblog 6

exploitdb 2

malwarebytes 1

trendmicroblog 1

symantec 1

hivepro 1

securelist 1

impervablog 1

ics 1

avleonov 1

kitploit 1

oracle 5

K90059138 : Oracle WebLogic Deserialization Remote Code Execution CVE-2019-2725

2019-04-30 00:00:00

exploitpack

Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution

2019-04-30 00:00:00

attackerkb

CVE-2019-2725

2019-04-26 00:00:00

myhack58

WebLogic deserialization 0day vulnerability CVE-2019-2725 patch to bypass）early warning-vulnerability warning-the black bar safety net

2019-06-17 00:00:00

WebLogic Server re-aeration at high risk 0 day vulnerability-a vulnerability warning-the black bar safety net

2019-06-18 00:00:00

githubexploit

Exploit for Injection in Oracle Agile Plm

2019-06-11 00:49:56

Exploit for Injection in Oracle Agile Plm

2020-08-31 14:09:09

Exploit for Injection in Oracle Agile Plm

2020-01-08 06:35:28

saint

Oracle WebLogic Server deserialization remote code execution

2019-05-02 00:00:00

Oracle WebLogic Server deserialization remote code execution

2019-05-02 00:00:00

zdt

Oracle #Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution Exploit #RCE

2019-05-01 00:00:00

Oracle Weblogic Server Deserialization Remote Code Execution Exploit

2019-05-07 00:00:00

prion

Design/Logic Flaw

2019-04-26 19:29:00

checkpoint_advisories

Oracle WebLogic Server Remote Code Execution (CVE-2019-2725)

2019-04-28 00:00:00

packetstorm

Oracle Weblogic Server Deserialization Remote Code Execution

2019-05-07 00:00:00

talosblog

Threat Source (May 2, 2019)

2019-05-02 11:00:01

Threat Source newsletter (May 9)

2019-05-09 11:00:02

Sodinokibi ransomware exploits WebLogic Server vulnerability

2019-05-01 12:37:18

cvelist

CVE-2019-2725

2019-04-26 18:21:08

nessus

Oracle WebLogic Server wls9_async_response / wls-wsat Remote Code Execution

2019-04-26 00:00:00

Oracle WebLogic Server Multiple Vulnerabilities (Jul 2019 CPU)

2019-07-22 00:00:00

metasploit

Oracle Weblogic Server Deserialization RCE - AsyncResponseService

2019-04-26 01:03:17

cisa_kev

Oracle WebLogic Server, Injection

2022-01-10 00:00:00

cve

CVE-2019-2725

2019-04-26 19:29:00

nuclei

Oracle WebLogic Server - Remote Command Execution

2020-08-16 16:33:49

threatpost

GandCrab Ransomware Shutters Its Operations

2019-06-03 14:18:01

New 'Sodinokibi' Ransomware Exploits Critical Oracle WebLogic Flaw

2019-04-30 19:20:13

Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig

2019-05-06 20:04:55

thn

Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware

2019-05-01 07:23:00

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

2022-07-01 05:36:00

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

2019-06-19 18:42:00

cisa

Oracle Releases Security Alert

2019-04-26 00:00:00

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

2022-01-10 00:00:00

qualysblog

Introducing Periscope: Out-of-Band Vulnerability Detection Mechanism in Qualys WAS

2020-01-15 16:00:28

Identify Server-Side Attacks Using Qualys Periscope

2022-12-01 23:11:35

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

2022-02-26 20:20:32

exploitdb

Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution

2019-04-30 00:00:00

Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

2019-05-08 00:00:00

malwarebytes

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void

2019-07-18 17:58:26

trendmicroblog

This Week in Security News: Spam Campaigns and Cryptocurrency Miners

2019-06-14 13:25:23

symantec

Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability

2019-06-18 00:00:00

hivepro

Muhstik botnet adds another vulnerability exploit to its arsenal

2022-03-29 12:17:03

securelist

IT threat evolution Q3 2019

2019-11-29 10:00:12

impervablog

Imperva Detects Undocumented 8220 Gang Activities

2023-12-14 13:48:35

ics

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

2022-03-01 12:00:00

avleonov

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

2023-09-30 19:31:42

kitploit

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

oracle

Oracle Critical Patch Update Advisory - July 2019

2019-07-16 00:00:00

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Oracle Critical Patch Update Advisory - January 2020

2020-01-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.976 High

EPSS

Percentile

100.0%

JSON

Related for SAINT:3367EB0908CC68021EF65D9C41812230