Oracle WebLogic Server (WLS) is a Java EE application server currently developed by Oracle, which acquired it from BEA Systems in 2008. It is also bundled in other Oracle products such as Oracle Application Testing Suite (OATS), which is the product this analysis is based on. By default, OATS ships with WebLogic 12.1.3.
The AsyncResponseService component in WebLogic allows a remote user to send a SOAP request that contains a malicious payload in XML format. The payload ends up being parsed and decoded as Java code, resulting in remote code execution.
Our analysis is also based on Metasploit Framework's pull request #11780.