Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729

Oracle today released an out-of-band security update for WebLogic, patching yet another XMLDecoder deserialization vulnerability for WebLogic. The flaw is already actively exploited according to Oracle. Exploitation does not require authentication. Exploitation will allow arbitrary code injection and the CVSS score of the vulnerability is 9.8. The vulnerability is similar to CVE-2019-2725 in that it bypasses protections put in place by Oracle when it patched this vulnerability in April. Oracle has been using a "blocklist" approach in patching these deserialization vulnerabilities, blocking the deserialization of very specific classes, which has led to similar bypass/patch cat and mouse games in the past.

Security Company KnownSec has a few more details about the vulnerability [2] including some mitigation techniques.

CVE-2019-2729 was assigned to the vulnerability and it affects versions,, A patch for WLS will be released tomorrow.


Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute


4273 Posts
ISC Handler
Jun 19th 2019

Sign Up for Free or Log In to start participating in the conversation!