The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS9-async component due to unsafe deserialization of XML encoded Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of the WebLogic server.
Binary data weblogic_async_response_rce.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | weblogic_server | cpe:/a:oracle:weblogic_server |