Security News > 2020 > October > If you haven't patched WebLogic server console flaws in the last eight days 'assume it has been compromised'
On Thursday Johannes Ullrich, Dean of Research at the SANS Technology Institute, spotted a massive spike in traffic on research "Honeypot" systems as somebody tried to identify public-facing WebLogic servers that weren't patched against CVE-2020-14882.
If you find a vulnerable server in your network: Assume it has been compromised.
Ullrich said that the exploit code for the Java EE application server code being used appears to be based on information published on Wednesday by someone identified as Nguyen Jang.
All of the exploit attempts originates from four IP addresses, Ullrich said.
84.17.37.239: DataCamp Ltd. "These exploit attempts are right now just verifying if the system is vulnerable," he said.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/29/weblogic_exploit_attack/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 10.0 |