https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-signatures-for-oracle-weblogic-deserialization-vulnerability/m-p/258959#M544 <P>Any idea if/when PAN may be providing signatures for the new Oracle WebLogic Server deserialization vulnerability (CVE-2019-2725)?</P><P>&nbsp;</P><P><A href="https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html" target="_blank">https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html</A></P> Sun, 28 Apr 2019 00:41:06 GMT hancharenko 2019-04-28T00:41:06Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-signatures-for-oracle-weblogic-deserialization-vulnerability/m-p/258959#M544 <P>Any idea if/when PAN may be providing signatures for the new Oracle WebLogic Server deserialization vulnerability (CVE-2019-2725)?</P><P>&nbsp;</P><P><A href="https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html" target="_blank">https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html</A></P> Sun, 28 Apr 2019 00:41:06 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-signatures-for-oracle-weblogic-deserialization-vulnerability/m-p/258959#M544 hancharenko 2019-04-28T00:41:06Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-signatures-for-oracle-weblogic-deserialization-vulnerability/m-p/259101#M545 <P>It looks like this has been addressed in Application and Threats version 8146 with the default action reset-server. &nbsp;The CVE isn't listed in the CVE ID field, but the description matches the vulnerability.</P><P>&nbsp;</P><P><SPAN>critical - 55570 - Oracle WebLogic wls9-async Remote Code Execution Vulnerability</SPAN></P> Mon, 29 Apr 2019 15:44:56 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pan-signatures-for-oracle-weblogic-deserialization-vulnerability/m-p/259101#M545 hancharenko 2019-04-29T15:44:56Z