Oracle WebLogic Server Java Deserialization Remote Code Execution Vulnerability (CVE-2018-2628) Bypass
Oracle patched a critical Java RMI Deserialization vulnerability in WebLogic server earlier this month (CPU April 2018). It was assigned CVE-2018-2628. However, as @pyn3rd tweeted this morning, it turns out that it was a blacklist based incomplete fix that could be bypassed easily. #CVE-2018-2628 Weblogic Server Deserialization Remote Command Execution. Unfortunately the Critical Patch Update of 2018.4 […]