Intrusion Prevention

Oracle.WebLogic.Server.Unrestricted.File.Upload.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Oracle WebLogic Server.
The vulnerability is caused by insufficient sanitizing of user inputs in the application when handling file uploads. A remote attacker may be able to exploit this to upload arbitrary files onto the system and access it later, leading to code execution.

Affected Products

Oracle WebLogic Server 10.3.6.0
Oracle WebLogic Server 12.1.3.0
Oracle WebLogic Server 12.2.1.2
Oracle WebLogic Server 12.2.1.3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

CVE References

CVE-2018-2894