Jump to content

Search the Community

Showing results for tags 'weblogic'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. Oracle has recently addressed a critical vulnerability affecting its WebLogic servers. Users must ensure they update their systems quickly as this WebLogic zero-day bug is presently under active exploitation. The bug, upon exploit, can allow an attacker to hijack a users’ systems. Actively Exploited WebLogic Zero-Day Bug Reportedly, a critical WebLogic zero-day vulnerability has posed a threat to users’ online security. This bug can allow an attacker to take control of the target devices and execute remote code. As stated in Oracle’s advisory, This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. This vulnerability, CVE-2019-2729 has earned a critical severity level, with a CVSS base score of 9.8. According to a study by KnownSec 404 Team, this vulnerability is presently under wild exploits. While they considered this vulnerability a bypass for the patch of a previously known bug (CVE-2019–2725), Oracle clarified that the recent vulnerability is unrelated to it. In a blog post, John Heimann, VP Security Program Management, clarified, Please note that while the issue addressed by this alert is a deserialization vulnerability, like that addressed in Security Alert CVE-2019-2725, it is a distinct vulnerability. Oracle Released A Fix A number of researchers reported the new WebLogic zero-day vulnerability to Oracle. The bug allegedly affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0. Consequently, the vendors patched the bug and released the fix. Because of the severity of the vulnerability, and the active exploitations, Oracle recommends users to ensure a quick update of their respective systems. Due to the severity of this vulnerability, Oracle recommends that this Security Alert be applied as soon as possible. The KnownSec 404 Team also recommended some temporary solutions to mitigate the flaw. Scenario-1: Find and delete wls9_async_response.war, wls-wsat.war and restart the Weblogic service. Scenario-2: Controls URL access for the /_async/* and /wls-wsat/* paths by access policy control. Source
×
×
  • Create New...