On March 6, 2020, the Alibaba Cloud emergency response center detected that details of a remote code execution vulnerability (CVE No.: CVE-2020-2555) in Oracle Coherence deserialization had been disclosed.

Oracle Coherence is a product of Oracle Fusion Middleware. By default, it is integrated into the WebLogic Server installation package in Oracle WebLogic Server 12c and later. This vulnerability allows an unauthenticated attacker to bypass the deserialization blacklist of the WebLogic Server by sending a crafted T3 request. The attacker can then execute code on the WebLogic Server through deserialization.

Cloud Firewall has detected and blocked attacks that exploit this vulnerability.

Scope of impact:
  • Oracle Coherence 3.7.1.17
  • Oracle Coherence 12.1.3.0.0
  • Oracle Coherence 12.2.1.3.0
  • Oracle Coherence 12.2.1.4.0

Risk level: high

Rule-based defense: Cloud Firewall can defend against this vulnerability.

Rule type: command execution

Security suggestions:
  • Upgrade the version of Oracle WebLogic Server or disable the WebLogic T3 protocol.
  • Use the intrusion prevention feature of Cloud Firewall.
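
Where T3 cannot be switched off entirely because administration tools or other cluster members rely on it, it can be restricted with the WebLogic connection filter (Administration Console, domain Security > Filter settings). The following is an added example, not part of the original advisory; the address 192.0.2.10 is a constructed placeholder for a trusted administration host. Rules are evaluated in order and the first match applies, so the final deny rule catches every other T3/T3S source.

```text
Connection Filter:        weblogic.security.net.ConnectionFilterImpl

Connection Filter Rules:  (one per line: target localAddress localPort action protocols)
127.0.0.1   * * allow t3 t3s
192.0.2.10  * * allow t3 t3s
*           * * deny  t3 t3s
```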