## https://sploitus.com/exploit?id=SAINT:9870FA2AA27A04C7E50DC7E0A2A344D0
Added: 05/27/2020  
CVE: CVE-2020-2555  


### Background

Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. 

### Problem

A Java object deserialization vulnerability in WebLogic allows an unauthenticated remote attacker to execute code by sending a serialized `BadAttributeValueExpException` object over the T3 protocol. 
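
A defender-side check for the object named above, added here as an illustration (not part of the original advisory or any vendor tool): it scans already-captured payload bytes for Java serialization class descriptors and flags the JDK class `javax.management.BadAttributeValueExpException`. The function names, the watch list and the sample bytes are constructed for this example; the sample carries only a class descriptor, not a working object graph.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization magic + stream version 5
TC_OBJECT = b"\x73"                  # "new object" marker
TC_CLASSDESC = 0x72                  # "new class descriptor" marker
WATCHED = {"javax.management.BadAttributeValueExpException"}
_CLASS_NAME = re.compile(r"^\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?$")


def class_descriptors(buf: bytes):
    """Yield (offset, class_name) for every plausible class descriptor in buf."""
    i = 0
    while True:
        i = buf.find(bytes([TC_CLASSDESC]), i)
        if i < 0 or i + 3 > len(buf):
            return
        (length,) = struct.unpack_from(">H", buf, i + 1)
        end = i + 3 + length
        # Descriptor layout: marker, u16 length, name, 8-byte serialVersionUID, flags.
        # The length cap rejects most stray 0x72 bytes (ASCII 'r' inside other data).
        if 0 < length <= 256 and end + 9 <= len(buf):
            name = buf[i + 3:end].decode("ascii", errors="replace")
            if _CLASS_NAME.match(name):
                yield i, name
                i = end
                continue
        i += 1


def scan(buf: bytes) -> dict:
    """Summarise one captured payload for triage."""
    names = [name for _, name in class_descriptors(buf)]
    return {
        "java_stream": STREAM_MAGIC in buf,
        "classes": names,
        "alerts": sorted(set(names) & WATCHED),
    }


def _desc(name: str) -> bytes:
    """Build a bare class descriptor (zeroed serialVersionUID) for the samples."""
    raw = name.encode("ascii")
    return bytes([TC_CLASSDESC]) + struct.pack(">H", len(raw)) + raw + b"\x00" * 8 + b"\x02"


# Constructed samples: placeholder framing bytes, stream magic, one descriptor each.
SAMPLE = b"\x00\x00\x00\x40hdr" + STREAM_MAGIC + TC_OBJECT + _desc(
    "javax.management.BadAttributeValueExpException")
BENIGN = b"\x00\x00\x00\x20hdr" + STREAM_MAGIC + TC_OBJECT + _desc("java.util.HashMap")
```

A hit is a triage signal rather than proof of exploitation, since the class is part of the JDK and can appear in legitimate serialized data.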

### Resolution

Apply the patch referenced in Oracle Critical Patch Update Advisory - January 2020. 

### References

https://www.oracle.com/security-alerts/cpujan2020.html   


### Limitations

Exploit works on Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0 on Windows. 

### Platforms

Windows