Oracle Weblogic Server Deserialization MarshalledObject Remote Code Execution
Posted on 02 April 2019
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.