Oracle.WebLogic.Server.Unrestricted.File.Upload.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Oracle WebLogic Server.
The vulnerability is caused by insufficient sanitization of user input when the application handles file uploads. A remote attacker may be able to exploit this to upload arbitrary files onto the system and access them later, leading to code execution.
Affected Products
Oracle WebLogic Server 10.3.6.0
Oracle WebLogic Server 12.1.3.0
Oracle WebLogic Server 12.2.1.2
Oracle WebLogic Server 12.2.1.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-17 | 16.982 | Sig Added |