Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned.
Oracle WebLogic is a Java EE application server that is part of Oracle's Fusion Middleware portfolio and supports a variety of popular databases.
The vulnerability affects the console component of Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0, and was patched by Oracle last week.
The exploit allows attackers to achieve RCE on a vulnerable Oracle WebLogic Server by sending an HTTP GET request.
Oracle today flagged a new remote code execution vulnerability in Oracle WebLogic Server that is related to the one patched two weeks ago.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/SePEJleLRVI/