Best solution: Java deserialization is a process from byte streams back to objects. The ObjectInputStream class’s readObject() method is used for deserialization. So to exploit the Java deserialization vulnerability, you need to pass in the attacker’s serialization code where deserialization takes place. Deserialization remote command execution vulnerability exists in Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1. Malicious personnel can remotely execute commands by constructing malicious request packets.

Exploit: The same Java deserialization vulnerability also exists in JBoss, WebSphere, and Jenkins containers. The Java deserialization test tool is available for testing.