I Oracle vurderes alvor dukket opp problemet og lansert uplanlagt patch for WebLogic serveren

Ved utgangen av forrige uke, eksperter fra kinesiske KnownSec 404 selskap som står bak IOT-søkeren ZoomEye utvikling, oppdaget dangerous issue in Oralce WebLogic.

Bug presented a threat for all Oracle WebLogic servers with running components WLS9_ASYNC and WLS-WSAT. Første komponenten er nødvendig for å utføre asynkrone operasjoner, mens den andre er beskyttelses løsningen.

Vulnerability is linked with deserialization and allows remote attacker to achieve execution of any commands without authorization (with the help of special HTTP-request).

Situations was complicated by the fact that intruders have already used this issue. As Oracle launched quarterly set of patches for its products relatively recently, specialists suggested that patch for 0-day vulnerability will arrive only in June 2019 as a part of next quarterly set of updates.

Heldigvis, experts were wrong this time. Oracle made untypical gesture and presented urgent unplanned patch for this issues. Vulnerability got identifier CVE-2019-2725 and scored 9.8 points in 10-point CVSS vulnerability scale.

As issue is immensely serious, developers urge users to install updates as soon as possible.

Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible”, – wrote Oracle developers

Kilde: https://www.oracle.com

Om Trojan Killer

Carry Trojan Killer Portable på minnepinne. Vær sikker på at du er i stand til å hjelpe din PC motstå eventuelle cyber trusler uansett hvor du går.

Sjekk også

MageCart på Heroku Cloud Platform

Forskere fant flere MageCart Web Skimmers På Heroku Cloud Platform

Forskere ved Malwarebytes rapportert om å finne flere MageCart web skimmere på Heroku Cloud Platform …

Android spyware CallerSpy

CallerSpy spyware masker som en Android-chat program

Trend Micro eksperter oppdaget malware CallerSpy, som masker som en Android-chat program og, …

Legg igjen et svar