Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Vulnerable Product |
---|
oracle weblogic server 10.3.6.0.0 |
oracle weblogic server 12.1.3.0.0 |
oracle weblogic server 12.2.1.2.0 |
oracle weblogic server 12.2.1.3 |
Honeypots swarmed on within three hours of patch release
Oracle whips out the swatter, squishes 254 security bugs in its gear
Security experts are advising administrators to hurry up installing Oracle patches after finding that attackers are quick to target their vulnerabilities. The SANS Institute issued a warning after one of its honeypot systems was targeted by exploits of the CVE-2018-2628 remote code execution flaw in WebLogic just hours after the test server was put live. According to SANS, the flaw has been aggressively targeted since it was first disclosed by Oracle on April 18. The security training company sa...
Security researcher says WebLogic fix can be bypassed, posts proof-of-concept
Earlier this month, Oracle patched a critical vulnerability in its WebLogic server – but someone identifying himself as an Alibaba security researcher reckons Big Red botched the patch. The bug in question was fixed in Oracle's 254-strong quarterly patch-fest that was headlined by Java and Spectre fixes. Tucked way down on the list was CVE-2018-2628, an “easily exploitable” programming blunder allowing a complete remote takeover of WebLogic servers. Over the weekend, @pyn3rd (whose Twit...