Security News > 2020 > October > If you haven't patched WebLogic server console flaws in the last eight days 'assume it has been compromised'

If you haven't patched WebLogic server console flaws in the last eight days 'assume it has been compromised'
2020-10-29 22:35

On Thursday Johannes Ullrich, Dean of Research at the SANS Technology Institute, spotted a massive spike in traffic on research "Honeypot" systems as somebody tried to identify public-facing WebLogic servers that weren't patched against CVE-2020-14882.

If you find a vulnerable server in your network: Assume it has been compromised.

Ullrich said that the exploit code for the Java EE application server code being used appears to be based on information published on Wednesday by someone identified as Nguyen Jang.

All of the exploit attempts originates from four IP addresses, Ullrich said.

84.17.37.239: DataCamp Ltd. "These exploit attempts are right now just verifying if the system is vulnerable," he said.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/29/weblogic_exploit_attack/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-14882 Unspecified vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network
low complexity
oracle
critical
 10.0
10