Oracle warns of attacks against recently patched WebLogic security bug


Enterprise software giant Oracle published an urgent security alert last night, urging companies that run WebLogic servers to install the latest patches the company released in mid-April.

Oracle says it received reports of attempts to exploit CVE-2020-2883, a vulnerability in its WebLogic enterprise product.

WebLogic is a Java-based middleware server that sits between a front-facing application and a database system, rerouting user requests and returning needed data. It is a wildly popular middleware solution, with tens of thousands of servers currently running online.

CVE-2020-2883 is a dangerous bug that received a score of 9.8 out of 10 on the CVSSv3 vulnerability severity scale.

The bug, which was privately reported to Oracle, allows a threat actor to send a malicious payload to a WebLogic server via its proprietary T3 protocol.

The attack takes place when the server receives the data and unpacks (deserializes) it in an unsafe manner that also runs malicious code on the underlying WebLogic core, allowing the hacker to take control over unpatched systems.

Oracle says that no user authentication or interaction is needed to exploit this bug. This makes CVE-2020-2883 an ideal candidate for integration in automated web-based attack tools and botnet operations.
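Because the bug is reached over T3 without authentication, defenders may want to know which sources are speaking T3 or sending serialized Java objects to a WebLogic listener. The following is an added example, not code from the article or from Oracle: it classifies reassembled inbound TCP payloads. The `t3 <version>` first-line handshake layout is an assumption based on commonly observed traffic, and the trusted network range and sample payloads are constructed.

```python
import ipaddress
import re

# Assumption: a client T3 handshake opens with an ASCII line such as "t3 12.2.1".
T3_HELLO = re.compile(rb"^t3 (\d+(?:\.\d+)*)\n")
# Java serialization streams start with magic 0xACED followed by version 0x0005.
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"

# Hypothetical range allowed to speak T3 to the server (admin hosts, cluster peers).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def is_trusted(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETS)


def classify(src_ip, payload):
    """Return findings for one reassembled inbound TCP payload."""
    findings = []
    hello = T3_HELLO.match(payload)
    if hello:
        findings.append("t3-handshake version=" + hello.group(1).decode())
    offset = payload.find(JAVA_STREAM_MAGIC)
    if offset != -1:
        findings.append("java-serialized-object offset=%d" % offset)
    # T3 or serialized data from outside the trusted range is what gets escalated.
    if findings and not is_trusted(src_ip):
        findings.append("ALERT untrusted source reached T3 listener")
    return findings


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    ("10.20.0.15", b"t3 12.2.1\nAS:255\nHL:19\n\n"),
    ("203.0.113.7", b"t3 12.2.1\nAS:255\nHL:19\n\n"),
    ("203.0.113.7", b"\x00\x00\x00\x20" + JAVA_STREAM_MAGIC + b"constructed"),
    ("203.0.113.7", b"GET /console HTTP/1.1\r\nHost: app\r\n\r\n"),
]


def scan(samples):
    return [(ip, classify(ip, data)) for ip, data in samples]


if __name__ == "__main__":
    for ip, findings in scan(SAMPLES):
        print(ip, findings or ["no T3 indicators"])
```

An alert here shows exposure of the T3 listener to an untrusted source, not proof of exploitation; installing the April patches remains the fix the alert calls for.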

Oracle patched the bug during its quarterly security updates, released on April 14.

Current exploitation attempts appear to have started after proof-of-concept code to exploit the CVE-2020-2883 bug was published on GitHub a day later.

Oracle said that exploitation attempts against other vulnerabilities patched last month were also reported, but the company highlighted the WebLogic vulnerability in particular.

This is because in recent years, hackers have constantly shown interest in weaponizing and exploiting WebLogic bugs [1, 2, 3, 4, 5, 6, 7, 8, 9].

Hacking groups have been using these vulnerabilities to hijack WebLogic servers to run cryptocurrency miners or breach corporate networks and install ransomware.

CVE-2020-2883 will almost certainly join CVE-2019-2729, CVE-2019-2725, CVE-2018-2893, CVE-2018-2628, and CVE-2017-10271 as one of the most exploited WebLogic vulnerabilities in the wild.




