Lucene search
Alvaro Munoz (@pwntester) & Christian Schneider (@cschneider4711)ZDI-16-443HistoryJul 21, 2016 - 12:00 a.m.
Oracle WebLogic JBoss Interceptors Deserialization of Untrusted Data Remote Code Execution Vulnerability
2016-07-2100:00:00
Alvaro Munoz (@pwntester) & Christian Schneider (@cschneider4711)
www.zerodayinitiative.com
52
0.034 Low
EPSS
Percentile
91.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists in the use of JBoss Interceptors library. By sending a specially crafted request, the application can be made to deserialize untrusted data during the handling of the request. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Related
packetstorm
packetstorm
zdt
zdt
nessus
nessus
Oracle WebLogic Server Java Object Deserialization RCE (July 2016 CPU)
2016-07-28 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities (July 2016 CPU)
2016-07-20 00:00:00
nvd
nvd
CVE-2016-3586
2016-07-21 10:14:25
CVE-2016-3510
2016-07-21 10:13:03
cvelist
cvelist
CVE-2016-3586
2016-07-21 10:00:00
CVE-2016-3510
2016-07-21 10:00:00
prion
prion
Design/Logic Flaw
2016-07-21 10:13:00
Design/Logic Flaw
2016-07-21 10:14:00
cve
cve
CVE-2016-3510
2016-07-21 10:13:03
CVE-2016-3586
2016-07-21 10:14:25
githubexploit
githubexploit
Exploit for Command Injection in Oracle Virtual Desktop Infrastructure
2020-08-10 09:17:04
openvas
openvas
Oracle WebLogic Server Multiple Unspecified Vulnerabilities-01 (Jul 2016)
2016-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00