Proof of Concept: CVE-2018-2894 Oracle WebLogic RCE

Nov 13, 2018

An unauthenticated remote code execution (RCE) vulnerability in Oracle WebLogic Server was recently submitted to Detectify Crowdsource. It is easily exploited, and this video shows the proof of concept.

We’ve now automated a security test for the CVE-2018-2894 Oracle WebLogic RCE in the Detectify web security scanner.