Oracle.WebLogic.Server.resolveProxyClass.Deserialization

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization vulnerability in Oracle WebLogic Server.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request. A remote attacker may be able exploit this to execute arbitrary code within the context of the application via crafted requests.

affected-products-logoAffected Products

Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-11-30 16.970 Sig Added
2020-11-19 16.965 Name:Oracle.
WebLogic.
Server.
resolveProxyClass.
Deserializatiion:Oracle.
WebLogic.
Server.
resolveProxyClass.
Deserialization

References

44553 45193