26 April 2019

Dangerous RCE flaw revealed in Oracle WebLogic


A team of cybersecurity researchers is warning of a dangerous remote code execution vulnerability in the Oracle WebLogic server platform, which we track under SB2019042604. The bug is a remotely exploitable deserialization flaw present in all WebLogic versions (including the latest one) within the wls9_async_response.war and wls-wsat.war components.

Oracle WebLogic Server is a Java EE application server developed by Oracle Corporation; it is used by numerous Java-based applications and enterprise web portals. The flaw affects the WebLogic 10.x and WebLogic 12.1.3 versions.

An attacker could exploit this vulnerability to remotely execute commands without authorization by sending a specially crafted HTTP request.

Oracle has been notified of this vulnerability, but the issue is unlikely to be patched in the near future, since the vendor releases security updates every three months and recently released a Critical Patch Update. There is still a chance that Oracle could roll out an emergency patch.

According to the ZoomEye cyberspace search engine, more than 36,000 WebLogic servers are publicly accessible on the Internet and remain exposed to attack. Moreover, cybercriminals are already expressing interest in this flaw, although for now they are only scanning for WebLogic servers and using a harmless exploit to test for the vulnerability without dropping malware on vulnerable hosts.

As a temporary mitigation, it is recommended either to find and delete the wls9_async_response.war and wls-wsat.war files and then restart the WebLogic service, or to restrict access to the /_async/* and /wls-wsat/* URL paths via access policy control.
