
SANS ISC: Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729 SANS ISC InfoSec Forums


Oracle today released an out-of-band security update for WebLogic, patching yet another XMLDecoder deserialization vulnerability. According to Oracle, the flaw is already being actively exploited. Exploitation does not require authentication and allows arbitrary code injection; the CVSS score of the vulnerability is 9.8. The vulnerability is similar to CVE-2019-2725 in that it bypasses the protections Oracle put in place when it patched that vulnerability in April. Oracle has been using a "blocklist" approach in patching these deserialization vulnerabilities, blocking the deserialization of very specific classes, which has led to similar bypass/patch cat-and-mouse games in the past.

Security company KnownSec has a few more details about the vulnerability [2], including some mitigation techniques.

CVE-2019-2729 was assigned to the vulnerability and it affects versions,, A patch for WLS will be released tomorrow.


Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute

ISC Handler
Jun 19th 2019
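
The blocklist-versus-allowlist point made in the diary above, as an added example that is not part of the original post and is not Oracle's or WebLogic's code. It models only the policy decision on an XMLDecoder-style document; all class names, function names and sample documents are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed policies: every class name here is a placeholder, not Oracle's list.
BLOCKLIST = {"com.example.danger.ProcessRunner"}
ALLOWLIST = {"java.util.ArrayList", "java.lang.String"}

def referenced_types(xml_text):
    """Collect every type name the document asks the decoder to load."""
    types = set()
    for el in ET.fromstring(xml_text).iter():
        if "class" in el.attrib:              # e.g. <object class="...">
            types.add(el.attrib["class"].strip())
        if el.tag == "class" and el.text:     # e.g. <class>...</class>
            types.add(el.text.strip())
    return types

def blocklist_accepts(xml_text):
    """Accept unless a known-bad type appears (the approach the diary criticises)."""
    try:
        return referenced_types(xml_text).isdisjoint(BLOCKLIST)
    except ET.ParseError:
        return False                          # fail closed on malformed input

def allowlist_accepts(xml_text):
    """Accept only if every referenced type is explicitly approved."""
    try:
        return referenced_types(xml_text) <= ALLOWLIST
    except ET.ParseError:
        return False

# Constructed sample documents in XMLDecoder's <java>/<object> layout.
SAMPLES = {
    "benign": '<java><object class="java.util.ArrayList">'
              '<void method="add"><string>hello</string></void></object></java>',
    "listed": '<java><object class="com.example.danger.ProcessRunner"/></java>',
    # Same behaviour under a name the blocklist has never seen.
    "unlisted": '<java><object class="com.example.danger.ProcessRunnerV2"/></java>',
    "malformed": '<java><object class="java.util.ArrayList">',
}

def compare():
    """Map sample name -> (blocklist verdict, allowlist verdict)."""
    return {name: (blocklist_accepts(doc), allowlist_accepts(doc))
            for name, doc in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:10} blocklist={verdicts[0]!s:5} allowlist={verdicts[1]}")
```

The "unlisted" sample is the case that matters: the blocklist accepts it because the name is new, while the allowlist rejects it without needing an update.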
