Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned.
Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.
The vulnerability affects the console component of Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0, and was patched by Oracle last week.
The exploit allows attackers to achieve RCE on a vulnerable Oracle WebLogic Server by sending an HTTP GET request.
Oracle has today flagged a new remote code execution vulnerability in Oracle WebLogic Server that is related to the one patched two weeks ago.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/SePEJleLRVI/