THREAT OPS › CVEs › CVE-2017-3506
CVE-2017-3506 — Oracle WebLogic Server OS Command Injection Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.
Vulnerability details
- Affected productsWebLogic Server
- KEV remediation due2024-06-24