Oracle.WebLogic.Server.EJBTaglibDescriptor.XXE
Description
This indicates an attack attempt to exploit an XML External Entity (XXE) Injection vulnerability in Oracle WebLogic Server.
A remote attacker could exploit this vulnerability by sending malicious XML data to the target server. Successful exploitation could result in the disclosure of file content on the target machine.
Affected Products
Oracle WebLogic Server 10.3.6
Oracle WebLogic Server 12.1.3
Oracle WebLogic Server 12.2.1.3
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuoct2019.html
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-22 | 16.984 | Name:Oracle.Weblogic.EJBTaglibDescriptor.XXE:Oracle.WebLogic.Server.EJBTaglibDescriptor.XXE |
2019-12-06 | 15.740 | Default_action:pass:drop |
2019-11-21 | 15.728 |