Immunity Canvas: WLS_CORE_DESERIALIZATION

2018-07-18T13:29:00
ID WLS_CORE_DESERIALIZATION
Type canvas
Reporter Immunity Canvas
Modified 2018-07-18T13:29:00

Description

Name| wls_core_deserialization
---|---
CVE| CVE-2018-2893
Exploit Pack| CANVAS
Description| wls_core_deserialization
Notes| CVE Name: CVE-2018-2893
VENDOR: Oracle
NOTES: Tested on WebLogic 10.3.6.0 and 12.2.1.2 with JDK 1.7.X.

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion
Middleware (subcomponent: WLS Core Components).
Easily exploitable vulnerability allows unauthenticated attacker with network
access via T3 to compromise Oracle WebLogic Server. Successful attacks of this
vulnerability can result in takeover of Oracle WebLogic Server.
CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

VersionsAffected: WebLogic 10.3.6.0
WebLogic 12.1.3.0
WebLogic 12.2.1.2
WebLogic 12.2.1.3

Repeatability: Infinite
References:
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2893
Date public: 07/18/2018
CVSS: 9.8