Security News > 2020 > October > Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned.
Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.
The vulnerability affects the console component of Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0, and has been patched by Oracle last week.
The exploit allows attackers to achieve RCE on a vulnerable Oracle WebLogic Server by sending a HTTP GET request.
Oracle has flagged today a new remote code execution vulnerability in Oracle WebLogic Server that is related to the one patched two weeks ago.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/SePEJleLRVI/
Related news
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- Oracle Cloud says it's not true someone broke into its login servers and stole data (source)
- Oracle Health reportedly warns of info leak from legacy server (source)