THREATOPS
THREAT OPSCVEs › CVE-2017-3506

CVE-2017-3506 — Oracle WebLogic Server OS Command Injection Vulnerability

CISA KEVExploited: confirmedOracle

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.

Vulnerability details