
Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

CyberWisdom Safe Harbor Commentary on Faulty Patch

thehackernews.com reports that earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in the WebLogic Server component of its Fusion Middleware that could allow an attacker to easily and completely control a vulnerable server.
However, a security researcher who uses the Twitter handle @pyn3rd and claims to be a member of Alibaba’s security team has now found a way for attackers to bypass the security patch and exploit the WebLogic vulnerability again.

WebLogic Server acts as a middle tier between the front-end user interface and the back-end database of a multi-tiered enterprise application. It provides a complete set of services for all components and automatically handles the details of application behavior.
Initially discovered in November by Liao Xinxi of the NSFOCUS security team, the Oracle WebLogic Server vulnerability (CVE-2018-2628) is exploitable over the network through TCP port 7001.

If the attack is successful, the vulnerability could allow a remote attacker to completely take over the vulnerable Oracle WebLogic Server. This vulnerability affects versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3.
Since the proof of concept (PoC) exploit for the original Oracle WebLogic Server vulnerability has been published on GitHub, and someone has just bypassed the patch, your up-to-date services are again at risk of being hacked.

Although @pyn3rd has released only a short GIF (video) as proof of concept (PoC) instead of the complete bypass code or any technical details, skilled hackers could work out the same method in a matter of hours or days.
It is not yet clear when Oracle will issue a new security update to address this issue that has reopened the CVE-2018-2628 flaw.
To be at least one step safer, it is still advisable to install the April patch update released by Oracle if you have not yet done so, because attackers have already started scanning for vulnerable WebLogic servers on the Internet.
