News

In Oracle WebLogic is found vulnerability: specialist confirm that attacks through are ongoing

Experts of Chinese company KnownSec 404 that developed IoT-searching engine ZoomEye, discovered dangerous vulnerability in Oracle WebLogic.

According to ZoomEye, on the Internet can be found more than 36 000 available WebLogic Servers that are vulnerable behind the new problem. Majority of them are located in US and China.

Researchers explain,that bug is dangerous for all servers Oracle WebLogic with running components WLS9_ASYNC and WLS-WSAT. First component is necessary for asynchronous operations while second is a protective solution. As there is no corrections available yet, experts do not disclose technical details but write that vulnerability is connected with deserialization and enable remote hacker achieving execution of any commands without authorization (with the use of special HTTP-request).

As a preventative measure is recommended either fully eliminate problematic components by deleting them and restarting WebLogic server, or create rules that prohibit requests to /_async/* and /wls-wsat/*.

Internet-security experts from other companies confirm, that vulnerability is really under attacks (hackers are already aware about it) though hackers only investigating as their attacks are limited to scanning in vulnerable parts of WebLogic servers and testing attempts to exploit the bug. Intruders do not try to place malware on their servers or use it for other malicious operations.


36 000 available WebLogic Servers that are vulnerable behind the new problem, according to ZoomEye.

Unfortunately, this situation will not last for a long time, as powerful and extremely popular in enterprise’s environment Oracle WebLogic servers have been a desirable pray for intruders for a long time. For example, in December 2018 were fixed cases when hidden mining on Oracle WebLogic servers enriched internet-cheaters for more than $226 000.

Though producers have informed customers about vulnerability, Oracle launched its quarterly patch set only last week, so, patch for a new bug with arrive only in several months.

By the time this alert was issued, the official still did not release the corresponding fix, which is a “0day” vulnerability. An attacker could exploit this vulnerability to remotely execute commands without authorization, — reported KnownSec 404 specialists.

Bug received identifier CNVD-C-2019-48814.

Source: https://medium.com/@knownseczoomeye/

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Adblockelite.xyz Pop-up Ads

About Adblockelite.xyz Adblockelite.xyz pop-ups can not open out of nowhere. If you have clicked some…

6 hours ago

Remove Appcloud-center.com Pop-up Ads

About Appcloud-center.com Appcloud-center.com pop-ups can not open out of nowhere. If you have actually clicked…

6 hours ago

Remove Groopheetex.com Pop-up Ads

About Groopheetex.com Groopheetex.com pop-ups can not expose out of nowhere. If you have clicked on…

6 hours ago

Remove Vidstreambox.com Pop-up Ads

About Vidstreambox.com Vidstreambox.com pop-ups can not expose out of the blue. If you have actually…

7 hours ago

Remove Mac-uptodate.com Pop-up Ads

About Mac-uptodate.com Mac-uptodate.com pop-ups can not introduce out of the blue. If you have actually…

7 hours ago

Remove Taffetlervers.com Pop-up Ads

About Taffetlervers.com Taffetlervers.com pop-ups can not expose out of the blue. If you have clicked…

7 hours ago