CyberWisdom Safe Harbor Commentary on Faulty Patch
WebLogic Server acts as a middle tier between the front-end user interface and the back-end database of a multi-tiered enterprise application. It provides a complete set of services for all components and automatically handles the details of application behavior.
Initially discovered in November by Liao Xinxi of the NSFOCUS security team, the Oracle WebLogic Server vulnerability (CVE-2018-2628) can be exploited with network access through TCP port 7001.
If the attack is successful, the vulnerability could allow a remote attacker to completely take over the vulnerable Oracle WebLogic Server. This vulnerability affects versions 10.3.6.0, 18.104.22.168, 22.214.171.124 and 126.96.36.199.
Since the proof-of-concept (PoC) exploit for the original Oracle WebLogic Server vulnerability has been published on GitHub, and someone has just bypassed this patch, your up-to-date service is again at risk of being hacked.
Although @pyn3rd released only a short GIF (video) as proof of concept (PoC) instead of releasing complete bypass code or any technical details, skilled hackers could work out the same method in a matter of hours or days.
It is not yet clear when Oracle will issue a new security update to address this issue that has reopened the CVE-2018-2628 flaw.
To be at least one step safer, it is still advisable to install the April Patch Update released by Oracle if you have not yet done so, because attackers have already started scanning the Internet for vulnerable WebLogic servers.
Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a…
thumbnail courtesy of thehackernews.com