SERVER-ORACLE -- Snort has detected traffic exploiting vulnerabilities in Oracle Database Server.
SERVER-ORACLE Oracle WebLogic unsafe deserialization remote code execution attempt
This event is generated when an attacker attempts to exploit CVE-2019-2890.
Attempted User Privilege Gain
Oracle WebLogic contains an unsafe deserialization vulnerability in the PersistentContext class that could lead to remote code execution. An attacker who exploits it could gain a foothold on the affected system, which may lead to further exploitation.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2019-2890: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 188.8.131.52.0 and 184.108.40.206.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Ease of Access: LOW