This Critical Oracle Vulnerability is Being Exploited in the Wild


Oracle has been forced to push out an emergency patch after the second critical vulnerability in Oracle WebLogic Server was identified in less than eight weeks. The Oracle vulnerability – rated a drop-everything-and-patch-it-now 9.8 on the CVSS risk matrix – is remotely exploitable without authentication, i.e., it may be (and has been) exploited over a network without the need for a username and password.

Oracle WebLogic Server is an application server for building and deploying enterprise Java EE applications: over 40,000 web-accessible instances are at risk.

Oracle’s security alert for the vulnerability, CVE-2019-2729, describes it as a deserialisation
