Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution
Posted on 02 April 2019
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (sun.rmi.server.UnicastRef) to the interface to execute code on vulnerable hosts.