Hackers Aim at Vulnerable WebLogic Servers

Hackers started on April 17 and targeted Oracle WebLogic Server’s computers. At the time, Oracle released a quarterly Critical Patch Update (CPU) security recommendation.

Oracle has released the CVE-2018-2628 vulnerability patch, and a bug in WebLogic, a bug in the WLS core component of the Java EE application server. The risk factor for this vulnerability is high because it could allow an attacker to execute code on a remote WebLogic server without authentication.

This vulnerability was discovered and reported by Liao Xinxi of the NSFOCUS Security Team and an independent security researcher named loopx9.

According to Alibaba Cloud Engineers, Oracle seems to have tampered with the CVE-2018-2628 patch and even gave hackers the opportunity to exploit this flaw on the so-called patch WebLogic system.

https://twitter.com/pyn3rd/status/990114565219344384

According to the information scientist Kevin Beaumont, this is because Oracle does not define WebLogic issues at its core, but instead blacklists the commands for the development chain. According to Beaumont, the problem seems to stem from Oracle engineers missing one or more commands.

https://twitter.com/gossithedog/status/987448846887411712

For the time being, Beaumont recommends that the company block incoming links on port 7001 until Oracle releases another – well-patched CVE-2018-2628 patch. Administrators should follow Beaumont’s advice because it is expected that hackers will increase their efforts on WebLogic Server after the incomplete patch of Oracle.

Source: bleepingcomputer