New Weblogic 0day (More Metasploit Modules)
This time, a short review.
The last Sunday (April 21st), KnownSec 404 Team issued an alert about a new vulnerability that has been exploited in the wild, a 0day for Weblogic, as usual, a deserialization vulnerability, this time in one of its components deployed as a web service (wls9_async and wls-wsat). Some days later (April 23rd), China National Vulnerability Database and time then (April 25th) Oracle, released a Critical Patch Update Advisory about multiple vulnerabilities some of them related.
Reviewing in a bit more detail the technical information about the vulnerabilities , we realize that it was a bug straightforward to exploit since it is an XML serialization vulnerability very similar to some of those that appeared a couple of years ago for the same web container.
Knowing this, we set out to carry out some tests and that day (April 25th), We had a Metasploit module ready to exploit the vulnerability as you can see in the pull requests .
Then, the next day Oracle released an emergency Security Alert Advisory warning about the vulnerability (CVE-2019-2725) 
we want to encourage the community to support the Metasploit project actively. It is an excellent tool that helps us in the pen-testing work.