In April, 2018, Oracle officially released a Critical Patch Update, which is a collection of patches for multiple security vulnerabilities including the high-risk WebLogic T3 deserialization vulnerability (CVE-2018-2628). Attackers can exploit this vulnerability to execute code remotely without authorization. This vulnerability brings high security risks. Oracle officially released the latest patch in a timely manner to fix the vulnerability. You are advised to perform a self-check and upgrade immediately.
The WebLogic T3 protocol deserialization vulnerability on Oracle WebLogic Server 10.3.6.0, 126.96.36.199, 188.8.131.52, and 184.108.40.206 may lead to remote code execution. A malicious attacker can remotely execute commands by constructing malicious request packets to obtain system privileges, which brings serious security risks.
CVE code: CVE-2018-2628
Rule-based defense: Cloud Firewall has been able to defend against remote command execution caused by this vulnerability.
Scope of impact: WebLogic 10.3.6.0, 220.127.116.11, 18.104.22.168, and 22.214.171.124
Rule type: Command execution
Risk level: High