A vulnerability has been found in Oracle WebLogic: specialists confirm that attacks are under way

Experts from the Chinese company KnownSec 404, which developed the IoT search engine ZoomEye, discovered a dangerous vulnerability in Oracle WebLogic.

According to ZoomEye, more than 36 000 accessible WebLogic servers that are vulnerable to the new problem can be found on the Internet. Most of them are in the USA and China.

The researchers explain that the bug is dangerous for all Oracle WebLogic servers running the WLS9_ASYNC and WLS-WSAT components. The first component is necessary for asynchronous operations, while the second is a protective solution. As no fix is available yet, the experts do not disclose technical details, but they write that the vulnerability is connected with deserialization and allows a remote attacker to execute arbitrary commands without authorization (using a special HTTP request).

As a preventive measure, it is recommended either to eliminate the problematic components entirely by deleting them and restarting the WebLogic server, or to create rules that prohibit requests to /_async/* and /wls-wsat/*.

Internet security experts from other companies confirm that the vulnerability really is under attack (attackers already know about it), although for now they are only probing: their activity is limited to scanning for the vulnerable parts of WebLogic servers and test attempts to exploit the bug. The intruders do not try to place malware on the servers or use the bug for other malicious operations.
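Added example (not from the original article or from KnownSec 404): a log triage script that lists which clients requested the two paths named in the workaround and whether those requests were denied. It assumes an access log in common/combined format and a block rule that answers with HTTP 403; the sample lines, addresses and placeholder paths are constructed.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Directories named in the workaround; requests below them should be denied.
BLOCKED_DIRS = ("/_async", "/wls-wsat")
DENY_STATUS = "403"  # assumption: the block rule answers with 403

# Common/combined log format: client ... "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def canonical_path(target):
    """Decode and normalise a request target before matching it."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/{2,}", "/", path)      # collapse duplicate slashes
    return normpath(path or "/").lower()    # resolve "." and "..", fold case

def is_blocked(target):
    """True if the target falls under one of the blocked directories."""
    path = canonical_path(target)
    return any(path == d or path.startswith(d + "/") for d in BLOCKED_DIRS)

def triage(lines):
    """Return {client: [hits, hits_not_denied]} for the blocked paths."""
    report = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_blocked(m.group(3)):
            continue
        entry = report.setdefault(m.group(1), [0, 0])
        entry[0] += 1
        if m.group(4) != DENY_STATUS:
            entry[1] += 1  # reached the server: rule missing or not matching
    return report

# Constructed sample lines (documentation address ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:01 +0000] "POST /_async/x HTTP/1.1" 403 199',
    '192.0.2.10 - - [01/Jan/2020:10:00:02 +0000] "GET /wls-wsat/x HTTP/1.1" 403 199',
    '198.51.100.7 - - [01/Jan/2020:10:02:11 +0000] "GET //%5Fasync/x?a=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2020:10:03:40 +0000] "GET /console/login HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, (hits, open_hits) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}: {hits} probe(s), {open_hits} not denied")
```

A non-zero second count means the block rule is absent or is matching on the raw rather than the normalised path, so the rule itself should be reviewed.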


Unfortunately, this situation will not last long, as powerful Oracle WebLogic servers, extremely popular in enterprise environments, have long been desirable prey for intruders. For example, in December 2018 cases were recorded in which hidden mining on Oracle WebLogic servers earned internet fraudsters more than $226 000.

Although the vendor has informed customers about the vulnerability, Oracle released its quarterly patch set only last week, so a patch for the new bug will arrive only in several months.

"By the time this alert was issued, the official still did not release the corresponding fix, which is a “0day” vulnerability. An attacker could exploit this vulnerability to remotely execute commands without authorization," reported KnownSec 404 specialists.

The bug received the identifier CNVD-C-2019-48814.

