Oracle WebLogic Server Deserialization CVE-2019-2729 Remote Code Execution Vulnerability

Oracle WebLogic Server is prone to a remote code-execution vulnerability.

A remote attacker can leverage this issue to execute arbitrary code within the context of the affected system. Failed exploit attempts may result in a denial-of-service condition.
Oracle WebLogic Server,, and are vulnerable.


Bugtraq ID: 108822
Class: Serialization Error
CVE: CVE-2019-2729

Remote: Yes
Local: No
Published: Jun 18 2019 12:00AM
Updated: Jun 18 2019 12:00AM
Credit: Badcode of Knownsec 404 Team, Fangrun Li of Creditease Security Team, Foren Lim, Lucifaer, orich1 of CUIT D0g3 Secure Team,Sukaralin, WenHui Wang of State Grid, Ye Zhipeng of Qianxin Yunying Labs, Yuxuan Chen, Zhao Chang of Venustech ADLab, and Zhiyi Zhang
Vulnerable: Oracle Weblogic Server
Oracle Weblogic Server
Oracle Weblogic Server

Not Vulnerable:


Reports indicate that this issue is being exploited in the wild.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts