is anyone aware of weblogic vulnerability with CVE 2019-2795, Oracle confirmed that they don't have
Hi All,
Our internal vulnerability team raised an vulnerability saying that current version of weblogic what we are using (WLS 10.3.6) is in risk, below is the statement they provided.
"Oracle WebLogic Server WLS URL Handling Remote File Write. Oracle WebLogic Server WLS contains a flaw that is triggered during the handling of a specially crafted URL. This may allow a remote attacker to write arbitrary files to the system and potentially execute arbitrary code."
CVE ID : CVE 2019-2795
More information you can find on the link : https://github.com/mntn0x/POC/tree/master/Weblogic_wls_async_cve-2019-2795
Could you please let me know do you have any info on this vulnerability.