In April, 2018, Oracle officially released a Critical Patch Update, which is a collection of patches for multiple security vulnerabilities including the high-risk WebLogic T3 deserialization vulnerability (CVE-2018-2628). Attackers can exploit this vulnerability to execute code remotely without authorization. This vulnerability brings high security risks. Oracle officially released the latest patch in a timely manner to fix the vulnerability. You are advised to perform a self-check and upgrade immediately.

The WebLogic T3 protocol deserialization vulnerability on Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, and 12.2.1.13 may lead to remote code execution. A malicious attacker can remotely execute commands by constructing malicious request packets to obtain system privileges, which brings serious security risks.

CVE code: CVE-2018-2628

Rule-based defense: Cloud Firewall has been able to defend against remote command execution caused by this vulnerability.

Scope of impact: WebLogic 10.3.6.0, 12.1.3.0, 12.2.1.2, and 12.2.1.3

Rule type: Command execution

Risk level: High