7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)False Positive:
This strike exploits an insecure deserialization vulnerability in Oracle Coherence library, which is used in popular products such as Oracle WebLogic Server. The vulnerability is a result of insufficient validation of T3 requests in the UniversalExtractor class. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation leads to remote code execution, in the context of the user running the Oracle WebLogic service.