A vulnerability has been found in Oracle WebLogic: specialists confirm that attacks are being carried out through

Experts from the Chinese company KnownSec 404, which developed the ZoomEye IoT search engine, have discovered a dangerous vulnerability in Oracle WebLogic.

According to ZoomEye, more than 36,000 accessible WebLogic servers that are vulnerable to the new problem can be found on the Internet. Most of them are located in the United States and China.

The researchers explain that the bug is dangerous for all Oracle WebLogic servers running the WLS9_ASYNC and WLS-WSAT components. The first component is necessary for asynchronous operations, while the second is a protective solution. As no fix is available yet, the experts are not disclosing technical details, but they write that the vulnerability is connected with deserialization and enables a remote attacker to execute arbitrary commands without authorization (using a special HTTP request).

As a preventative measure, it is recommended either to eliminate the problematic components entirely by deleting them and restarting the WebLogic server, or to create rules that prohibit requests to /_async/* and /wls-wsat/*.

Internet security experts from other companies confirm that the vulnerability is indeed under attack (attackers are already aware of it), though so far the attackers are only investigating: their activity is limited to scanning the vulnerable parts of WebLogic servers and test attempts to exploit the bug. The intruders are not trying to place malware on the servers or use them for other malicious operations.
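
The blocking rule and the scanning activity described above, as an added example (not from the original article or from KnownSec 404): a Python check that applies the /_async/* and /wls-wsat/* rule to normalized request paths and counts, per client IP, the access-log requests that hit them. The log format, the sample lines, the function names, and the case-insensitive, decode-twice normalization are assumptions chosen so the rule also matches non-canonical forms of the two paths.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Path prefixes from the article's mitigation: /_async/* and /wls-wsat/*
BLOCKED_PREFIXES = ("/_async/", "/wls-wsat/")

# Assumed common/combined access-log layout; adjust to your proxy's format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) ')

def normalize_path(target: str) -> str:
    """Reduce a request target to a canonical lower-case path for matching."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):                      # decode twice: covers double encoding
        path = unquote(path)
    path = re.sub(r"/{2,}", "/", path)      # collapse duplicate slashes
    trailing = path.endswith("/")
    path = posixpath.normpath(path)         # resolve "." and ".." segments
    if trailing and path != "/":
        path += "/"
    return path.lower()

def is_blocked(target: str) -> bool:
    """True if the request falls under /_async/* or /wls-wsat/*."""
    path = normalize_path(target)
    return any(path.startswith(p) or path == p.rstrip("/") for p in BLOCKED_PREFIXES)

def probes_by_source(log_lines):
    """Count requests per client IP that target the blocked paths."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_blocked(m.group("target")):
            hits[m.group("ip")] += 1
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /_async/example HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "POST /WLS-WSAT/example HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "POST /app/..//%5Fasync/example HTTP/1.1" 200 0',
    '192.0.2.44 - - [01/Jan/2024:10:00:04 +0000] "GET /docs/_async/readme HTTP/1.1" 200 9',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, count in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} request(s) to blocked WebLogic paths")
```

The same `is_blocked` predicate can back a deny rule at a reverse proxy or be run over archived logs to see which sources were already probing the two paths.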

[Image: ZoomEye, Oracle WebLogic] 36,000 accessible WebLogic servers are vulnerable to the new problem, according to ZoomEye.

Unfortunately, this situation will not last long, as Oracle WebLogic servers, powerful and extremely popular in enterprise environments, have long been desirable prey for intruders. For example, in December 2018 cases were recorded in which hidden mining on Oracle WebLogic servers earned internet fraudsters more than $226,000.

Although the vendor has informed customers about the vulnerability, Oracle released its quarterly patch set only last week, so a patch for the new bug will arrive only in several months.

"By the time this alert was issued, the official still did not release the corresponding fix, which is a '0day' vulnerability. An attacker could exploit this vulnerability to remotely execute commands without authorization," KnownSec 404 specialists reported.

The bug received the identifier CNVD-C-2019-48814.

Source: https://medium.com/@knownseczoomeye/
