Oracle WebLogic Servers Attacked Following Publication Of PoC Code

Hackers have attacked the Oracle WebLogic servers and attempted to take control of those vulnerable who have not received the latest patch after a critical vulnerability was highlighted.

The bug is registered as CVE-2018-2893 – a vulnerability in the Oracle WebLogic middleware that allows that hacker to take control over the entire server without even needing the password. The vulnerability has reached the critical level after these hacking attempts. The vulnerability has received 9.8/10 critical level score on the CVSv3 Security Scale.

The high score is due to the remote exploitation factor and the ease of exploitation of the vulnerability. The details of the vulnerability were never released to the public and the company had released patches for this bug on July 18th.

After three days there have been several Proof-of-Concept videos that explain the exploit and most of the videos have been taken down there are still PoC code which are available in GitHub at the time of this articles publication (A,B). The availability of the PoC code has led to a lot of vulnerabilities and exploitation attempts. The first exploitation attempt reportedly started on July 21st when the news of PoC existence had gone wide and from then the attacks have ramped up.

The Security Researchers from ISC SANS and Qihoo 360 Netlab are currently tracking two groups who seem to have automated the exploitation routine and are conducting the attacks on a huge scale.

The owners of the Oracle Servers are instructed to apply the patch as soon as possible. The Oracle WebLogic Servers that are running  10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 are currently vulnerable to the exploit and will be needing the patch.

The flaw is being exploited by using the port 7100 so all the owners who haven’t applied the patch are requested to block the port on their routers.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil