Security News > 2019 > June > Another Oracle WebLogic Server RCE under active exploitation
2019-06-19 08:34
Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers to apply the security update as soon as possible. Speed is of the essence as, according to KnownSec 404 researchers, the vulnerability is already being exploited in the wild. About the vulnerability (CVE-2019-2729) “This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network … More → The post Another Oracle WebLogic Server RCE under active exploitation appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/rNAsJj2MAZk/
Related news
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- Broadcom fixes critical RCE bug in VMware vCenter Server (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-19 | CVE-2019-2729 | Improper Access Control vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 9.8 |