ET WEB_SERVER Oracle WebLogic Unauthenticated IIOP/T3 Remote Code Execution (CVE-2023-21839)

SID: 2065403Rev: 16 views
History
Sourceet/open
CreatedOctober 27, 2025
UpdatedOctober 27, 2025
Classificationmisc-attack
alert tcp any any -> $HOME_NET 7001 (msg:"ET WEB_SERVER Oracle WebLogic Unauthenticated IIOP/T3 Remote Code Execution (CVE-2023-21839)"; flow:established,to_server; content:"GIOP|01 02 00 00|"; startswith; content:"rebind_any"; content:"weblogic|2e|jndi|2e|internal|2e|ForeignOpaqueReference"; fast_pattern; content:"ldap|3a 2f 2f|"; reference:url,packetstorm.news/files/id/172882; reference:cve,2023-21839; classtype:misc-attack; sid:2065403; rev:1; metadata:affected_product Oracle_WebLogic, attack_target Networking_Equipment, created_at 2025_10_27, cve CVE_2023_21839, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_10_27; target:dest_ip;)

References

urlpacketstorm.news/files/id/172882
cve2023-21839

Metadata

affected productOracle_WebLogic
attack targetNetworking_Equipment
created at2025_10_27
deploymentInternal
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2025_10_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!