Security News > 2020 > October > Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned.
Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.
The vulnerability affects the console component of Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0, and has been patched by Oracle last week.
The exploit allows attackers to achieve RCE on a vulnerable Oracle WebLogic Server by sending a HTTP GET request.
Oracle has flagged today a new remote code execution vulnerability in Oracle WebLogic Server that is related to the one patched two weeks ago.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/SePEJleLRVI/
Related news
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)