Oracle WebLogic Server Denial-of-Service Vulnerability via HTTP/2

Vulnerability

A denial-of-service vulnerability has been identified in Oracle WebLogic Server versions 14.1.1.0.0 and 14.1.2.0.0, within the Core component of Oracle Fusion Middleware. This vulnerability allows an unauthenticated attacker with network access via HTTP/2 to disrupt the server's availability. Exploitation of this issue can lead to a complete hang or a frequently repeatable crash of the WebLogic Server.

Impact

Exploitation of this vulnerability can cause a complete denial-of-service condition on the affected Oracle WebLogic Server, leading to a hang or a frequently repeatable crash.

Added: Oct 21, 2025, 9:20 PM
Updated: Oct 21, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 7.6
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.