Security News > 2020 > November > Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw
While specific details of the flaw were not disclosed, Oracle's alert said it exists in the Console of the Oracle WebLogic Server and can be exploited via the HTTP network protocol.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.
Oracle released an out-of-band security alert to address a vulnerability-CVE-2020-14750-in Oracle WebLogic Server.
"Oracle WebLogic servers continue to be hard-hit with exploits. In May, Oracle urged customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month. In May 2019, researchers warned that malicious activity exploiting a recently disclosed Oracle WebLogic critical deserialization vulnerability was surging - including to spread the REvil/Sodinokibi" ransomware.
In June 2019, Oracle said that a critical remote code-execution flaw in its WebLogic Server was being actively exploited in the wild.
News URL
https://threatpost.com/oracle-update-weblogic-server-flaw/160889/
Related news
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- Broadcom fixes critical RCE bug in VMware vCenter Server (source)
- Critical VMware vCenter Server bugs fixed (CVE-2024-38812) (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-02 | CVE-2020-14750 | Unspecified vulnerability in Oracle Fusion Middleware Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 7.5 |