Security News > 2019 > June > Another Oracle WebLogic Server RCE under active exploitation
2019-06-19 08:34
Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers to apply the security update as soon as possible. Speed is of the essence as, according to KnownSec 404 researchers, the vulnerability is already being exploited in the wild. About the vulnerability (CVE-2019-2729) “This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network … More → The post Another Oracle WebLogic Server RCE under active exploitation appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/rNAsJj2MAZk/
Related news
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-19 | CVE-2019-2729 | Improper Access Control vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 9.8 |