WebLogic T3 Java deserialization RCE — the first of many WebLogic deserialization bugs. Block T3 protocol at the firewall or apply Oracle CPU. Disable T3 if WebLogic is internet-exposed. Java deserialization remains a critical Java EE vulnerability class.
The WLS Security component in Oracle WebLogic Server allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →