Security News > 2019 > April > Researchers flag new Oracle WebLogic zero-day RCE flaw

Researchers flag new Oracle WebLogic zero-day RCE flaw
2019-04-25 13:25

Attackers looking to compromise Oracle WebLogic servers for their own needs have a new zero-day RCE flaw at their disposal. “Oracle WebLogic wls9_async and wls-wsat components trigger deserialization remote command execution vulnerability. This vulnerability affects all Weblogic versions (including the latest version) that have the wls9_async_response.war and wls-wsat.war components enabled,” KnownSec 404 researchers warn. The flaw has been reported to Oracle, but is yet to receive a CVE number. It can be currently tracked under … More → The post Researchers flag new Oracle WebLogic zero-day RCE flaw appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/unUJBRvCnLk/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 698 249 2225 1709 366 4549