Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

News Update: Oracle Fixed A WebLogic Zero-Day Vulnerability Under Active Exploit In The Wild

steven36

By steven36
in Security & Privacy News

Recommended Posts

steven36

steven36

Posted
Posted

Oracle has recently addressed a critical vulnerability affecting its WebLogic servers. Users must ensure they update their systems quickly as this WebLogic zero-day bug is presently under active exploitation. The bug, upon exploit, can allow an attacker to hijack a users’ systems.

 

 

https://s7d4.turboimg.net/sp/d554c0498648afe726104497f43744a7/352a.jpg

Actively Exploited WebLogic Zero-Day Bug

Reportedly, a critical WebLogic zero-day vulnerability has posed a threat to users’ online security. This bug can allow an attacker to take control of the target devices and execute remote code.

As stated in Oracle’s advisory,

This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

This vulnerability, CVE-2019-2729 has earned a critical severity level, with a CVSS base score of 9.8.

 

According to a study by KnownSec 404 Team, this vulnerability is presently under wild exploits. While they considered this vulnerability a bypass for the patch of a previously known bug (CVE-2019–2725),

 

Oracle clarified that the recent vulnerability is unrelated to it. In a blog post, John Heimann, VP Security Program Management, clarified,

Please note that while the issue addressed by this alert is a deserialization vulnerability, like that addressed in Security Alert CVE-2019-2725, it is a distinct vulnerability.

Oracle Released A Fix

A number of researchers reported the new WebLogic zero-day vulnerability to Oracle. The bug allegedly affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0.

 

Consequently, the vendors patched the bug and released the fix. Because of the severity of the vulnerability, and the active exploitations, Oracle recommends users to ensure a quick update of their respective systems.

Due to the severity of this vulnerability, Oracle recommends that this Security Alert be applied as soon as possible.

The KnownSec 404 Team also recommended some temporary solutions to mitigate the flaw.

Scenario-1:  Find and delete wls9_async_response.war, wls-wsat.war and restart the Weblogic service. Scenario-2: Controls URL access for the /_async/* and /wls-wsat/* paths by access policy control.

Source

 

Link to comment
Share on other sites
  • Views 475
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...