Description
T3 is a special RMI protocol implemented in WebLogic. It is vulnerable to XML external entity (XXE) injection. An attacker can send crafted requests to a web application to extract secrets from the file system, perform server-side request forgery, or mount denial-of-service attacks.
Remediation
Upgrade to the latest version of Oracle WebLogic Server. This issue was fixed in the Oracle Critical Patch Update - April 2019. Alternatively, disable or restrict access to T3.
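Where T3 access is restricted with WebLogic connection filter rules (the `weblogic.security.net.ConnectionFilterImpl` filter), the rule set can be checked offline before deployment. The following is an added example, not part of the original advisory or Oracle's code. It assumes a simplified model of the rule format (`target localAddress localPort action protocols`, first match wins, no match permits the connection); the sample rules, addresses and function names are constructed.

```python
import ipaddress

# Constructed sample rule set: allow T3/T3S only from loopback and an
# admin subnet, deny it from everywhere else.
SAMPLE_RULES = """
# target        localAddress localPort action protocols
127.0.0.1       * * allow t3 t3s
10.20.0.0/16    * * allow t3 t3s
0.0.0.0/0       * * deny  t3 t3s
"""

def parse_rules(text):
    """Parse rule lines; hostname targets are not handled in this model."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[3].lower() not in ("allow", "deny"):
            raise ValueError(f"malformed rule: {line!r}")
        target, _local_addr, local_port, action = fields[:4]
        net = None if target == "*" else ipaddress.ip_network(target, strict=False)
        protocols = {p.lower() for p in fields[4:]}  # empty set = all protocols
        rules.append((net, local_port, action.lower(), protocols))
    return rules

def decide(rules, client_ip, port, protocol):
    """Return 'allow' or 'deny'; an unmatched connection is permitted."""
    addr = ipaddress.ip_address(client_ip)
    for net, local_port, action, protocols in rules:
        if net is not None and addr not in net:
            continue
        if local_port != "*" and int(local_port) != port:
            continue
        if protocols and protocol.lower() not in protocols:
            continue
        return action  # first matching rule wins
    return "allow"

def t3_exposed(rules, client_ip, port=7001):
    """True if T3 or T3S would be accepted from client_ip on this port."""
    return any(decide(rules, client_ip, port, p) == "allow" for p in ("t3", "t3s"))
```

A rule that denies only `t3` leaves `t3s` reachable under this model, which is why the check tests both protocol names.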
References
Related Vulnerabilities
WordPress Plugin Import all XML, CSV & TXT into WordPress Server-Side Request Forgery (6.5.2)
SAML Consumer Service XML entity injection (XXE)
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface
Python object deserialization of user-supplied data
WordPress 4.2.x Denial of Service Vulnerability (4.2 - 4.2.19)