ET WEB_SERVER Oracle WebLogic Server Remote Code Execution via Insecure Deserialization (CVE-2020-14644)

SID: 2067134Rev: 14 views
Sourceet/open
CreatedJanuary 27, 2026
UpdatedJanuary 27, 2026
Classificationattempted-user
alert tcp any any -> $HOME_NET any (msg:"ET WEB_SERVER Oracle WebLogic Server Remote Code Execution via Insecure Deserialization (CVE-2020-14644)"; flow:established,to_server; content:"com.tangosol.internal.util.invoke.RemoteConstructor"; fast_pattern; content:"com.tangosol.internal.util.invoke.ClassDefinition"; content:"ClassIdentity"; content:"getRuntime"; reference:url,www.kingkk.com/2020/08/CVE-2020-14644%E5%88%86%E6%9E%90%E4%B8%8Egadget%E7%9A%84%E4%B8%80%E4%BA%9B%E6%80%9D%E8%80%83/; reference:cve,2020-14644; classtype:attempted-user; sid:2067134; rev:1; metadata:affected_product Oracle_WebLogic, attack_target Server, created_at 2026_01_27, cve CVE_2020_14644, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2026_01_27, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlwww.kingkk.com/2020/08/CVE-2020-14644%E5%88%86%E6%9E%90%E4%B8%8Egadget%E7%9A%84%E4%B8%80%E4%BA%9B%E6%80%9D%E8%80%83/
cve2020-14644

Metadata

affected productOracle_WebLogic
attack targetServer
created at2026_01_27
deploymentInternal
confidenceMedium
signature severityMajor
tagExploit
updated at2026_01_27
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!