January 19, 2018
Vulnerability Notification: Oracle WebLogic Server XmlAdapter Deserialization
[Overview] Oracle WebLogic Server is an enterprise multi-tiered Java application service, commonly used as a large enterprise web application platform. [Vulnerability Details] This vulnerability is exploited due to insufficient validation of serialized XML data by WorkContextXmlInputAdapter. An unauthenticated attacker could exploit this vulnerability by sending carefully crafted HTTP XML requests. Exploiting this vulnerability could result…January 7, 2018