On March 6, 2020, the Alibaba Cloud Emergency Response Center detected that details of a remote code execution vulnerability in Oracle Coherence deserialization (CVE-2020-2555) had been disclosed.
Oracle Coherence is a product of Oracle Fusion Middleware. By default, it is integrated into the WebLogic Server installation package in Oracle WebLogic Server 12c and later. This vulnerability allows an unauthenticated attacker to bypass the WebLogic Server deserialization blacklist by sending a crafted T3 request. The attacker can then execute code on the WebLogic Server through deserialization.
Cloud Firewall has detected and blocked attacks that exploit this vulnerability.
Affected versions:
- Oracle Coherence 126.96.36.199
- Oracle Coherence 188.8.131.52.0
- Oracle Coherence 184.108.40.206.0
- Oracle Coherence 220.127.116.11.0
Risk level: high
Rule-based defense: Cloud Firewall can defend against this vulnerability.
Rule type: command execution
Security recommendations:
- Upgrade Oracle WebLogic Server or disable the WebLogic T3 protocol.
- Use the intrusion prevention feature of Cloud Firewall.
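
Because the attack arrives as a T3 request, one way to check whether T3 is still reachable from outside the trusted network is to classify the first client bytes of each connection to the WebLogic listen port. The following is an added example, not part of the original advisory and not Alibaba Cloud or Oracle code. It relies on the fact that a plaintext T3 session opens with a line starting with `t3 ` followed by the client version; the trusted subnet, addresses, ports and captured payloads are constructed assumptions.

```python
import ipaddress

# Assumption: only this admin/cluster subnet is expected to speak T3.
TRUSTED_T3_SOURCES = [ipaddress.ip_network("10.0.5.0/24")]
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"DELETE ")

def classify_first_payload(payload: bytes) -> str:
    """Classify the first client bytes seen on a WebLogic listen port."""
    if payload.startswith(b"t3 "):
        return "t3"    # plaintext T3 handshake line: "t3 <version>\n"
    if payload[:2] == b"\x16\x03":
        return "tls"   # TLS record: HTTPS or T3S, not distinguishable here
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def t3_version(payload: bytes) -> str:
    """Return the client version announced on the T3 handshake line."""
    first_line = payload.split(b"\n", 1)[0]
    return first_line[3:].decode("ascii", "replace").strip()

def is_trusted(src: str) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_T3_SOURCES)

def find_untrusted_t3(flows):
    """Return one alert per plaintext T3 handshake from an untrusted source."""
    alerts = []
    for src, dst_port, payload in flows:
        if classify_first_payload(payload) == "t3" and not is_trusted(src):
            alerts.append({"src": src, "port": dst_port,
                           "client_version": t3_version(payload)})
    return alerts

# Constructed sample: (source IP, destination port, first client payload).
SAMPLE_FLOWS = [
    ("10.0.5.20", 7001, b"t3 12.2.1\nAS:255\nHL:19\n\n"),
    ("203.0.113.45", 7001, b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"),
    ("203.0.113.45", 7001, b"GET / HTTP/1.1\r\nHost: app\r\n\r\n"),
    ("198.51.100.7", 7002, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
]

if __name__ == "__main__":
    for alert in find_untrusted_t3(SAMPLE_FLOWS):
        print(alert)
```

Any alert means T3 is still exposed to that source, so the T3 restriction or upgrade recommended above has not taken effect for that listener. T3S traffic is TLS-wrapped and needs to be checked at the server or a TLS-terminating proxy instead.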