Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability

Oracle WebLogic Server is prone to a remote code-execution vulnerability.

A remote attacker can leverage this issue to execute arbitrary code within the context of the affected system. Failed exploit attempts may result in a denial-of-service condition.
Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0 are vulnerable.

Information

Bugtraq ID: 108822
Class: Serialization Error
CVE: CVE-2019-2729

Remote: Yes
Local: No
Published: Jun 18 2019 12:00AM
Updated: Jun 18 2019 12:00AM
Credit: Badcode of Knownsec 404 Team, Fangrun Li of Creditease Security Team, Foren Lim, Lucifaer, orich1 of CUIT D0g3 Secure Team, Sukaralin, WenHui Wang of State Grid, Ye Zhipeng of Qianxin Yunying Labs, Yuxuan Chen, Zhao Chang of Venustech ADLab, and Zhiyi Zhang
Vulnerable: Oracle WebLogic Server 12.2.1.3.0
Oracle WebLogic Server 12.1.3.0.0
Oracle WebLogic Server 10.3.6.0.0

Not Vulnerable:

Exploit

Reports indicate that this issue is being exploited in the wild.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.