CVE-2023-40571

Published: 2023-08-25T21:15Z
Last Modified: 2024-11-21T08:19Z
Source: MITRE CVE List
License: MITRE-CVE-TOS

weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue.

MITRE Terms of Use apply – see LICENSE‑MITRE.txt
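
The description above comes down to a client calling `readObject()` on bytes it received from a server it does not control. The following is an added example, not code from weblogic-framework and not the 0.2.4 patch: it shows one way to constrain such a read with a JDK deserialization filter. It assumes Java 9 or later and that the echoed command output is a plain `String`; the class name `EchoResponseReader` and its methods are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashMap;

public class EchoResponseReader {
    // Allow-list: only java.lang.String (assumed echo type) may be deserialized.
    // "!*" rejects every other class before it is instantiated; the limits
    // bound graph depth, reference count and total stream size.
    private static final ObjectInputFilter ECHO_FILTER =
            ObjectInputFilter.Config.createFilter(
                    "maxdepth=3;maxrefs=64;maxbytes=1048576;java.lang.String;!*");

    // Deserialize a server response under the filter instead of trusting it.
    static String readEcho(byte[] serverBytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                     new ObjectInputStream(new ByteArrayInputStream(serverBytes))) {
            in.setObjectInputFilter(ECHO_FILTER); // must be set before the first read
            Object o = in.readObject();
            if (!(o instanceof String)) {
                throw new InvalidClassException("unexpected echo type");
            }
            return (String) o;
        }
    }

    // Helper that builds constructed sample responses for the demo below.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed benign response: a String passes the filter.
        System.out.println("accepted: " + readEcho(serialize("sample command output")));
        // Constructed unexpected response: any non-String class is refused
        // by the filter before its readObject logic can run.
        try {
            readEcho(serialize(new HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter is evaluated while the stream is being parsed, so a rejected class is never constructed; checking the type only after `readObject()` returns would be too late.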