APP: Oracle Weblogic LimitFilter Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against Oracle Weblogic. Successful exploitation could result in code execution on the target machine.
Extended Description
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected Products
Oracle access_manager
Short Name
APP:ORACLE:WL-LIMFILTER-INS-DES
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2020-2555 Deserialization Insecure LimitFilter Oracle Weblogic
Release Date
03/24/2020
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3746
Port
TCP/7001
False Positive
Unknown
Vendors
Oracle
CVSS Score
7.5