Attackers seek Oracle WebLogic vulnerability after faulty patch

Attackers seek Oracle WebLogic vulnerability after faulty patch

Following a broken patch, researchers noticed a rise in devices scanning servers potentially at risk to an Oracle WebLogic vulnerability.One of the mo

Pence Used AOL Email On Governor Business, Got Hacked
Voting Machines Hacked with Ease at DEF CON
IDG Contributor Network: Neiman Marcus data breach settlement tells us plenty about the ROI of security

Following a broken patch, researchers noticed a rise in devices scanning servers potentially at risk to an Oracle WebLogic vulnerability.

One of the more than 250 issues addressed in the most recent quarterly Oracle Critical Patch Update on April 18 was an Oracle WebLogic vulnerability (CVE-2018-2628). Multiple users on GitHub released proof of concept (POC) exploit code against this flaw as early as April 19, and soon after, devices were scanning for at-risk servers.

 Liao Xinxi — who originally reported the issue to Oracle — described how the Oracle WebLogic vulnerability worked in a blog post and security researchers found the patch was broken and could be easily bypassed. David Tampellini, security researcher and bug hunter based in Italy, combined the work done by Liao with code from GitHub user MrTcsy to weaponize the POC.

Kevin Beaumont, a security architect based in the U.K., said on Twitter that the problem was that the original patch did nothing to fix the Oracle WebLogic vulnerability. Instead, Oracle attempted to mitigate the issue by blacklisting commands used in a potential exploit, but Beaumont said Oracle missed a command.

Beaumont said the risks could be minimized by blocking inbound traffic on port 7001 to vulnerable servers.

This is not the only Oracle WebLogic vulnerability putting users at risk recently. In February, businesses were warned to patch a different WebLogic flaw that was being exploited by cryptojackers. And, Beaumont noted the issues extended beyond that as well.

Go to Source

COMMENTS