Oracle Fixed A WebLogic Zero-Day Vulnerability Under Active Exploit In The Wild


Oracle has recently addressed a critical vulnerability affecting its WebLogic servers. Users must update their systems quickly, as this WebLogic zero-day bug is presently under active exploitation. Once exploited, the bug can allow an attacker to hijack users' systems.

Actively Exploited WebLogic Zero-Day Bug

Reportedly, a critical WebLogic zero-day vulnerability has posed a threat to users’ online security. This bug can allow an attacker to take control of the target devices and execute remote code.

As stated in Oracle’s advisory,

This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

This vulnerability, CVE-2019-2729, has earned a critical severity level, with a CVSS base score of 9.8.

According to a study by the KnownSec 404 Team, this vulnerability is presently being exploited in the wild. While they considered this vulnerability a bypass for the patch of a previously known bug (CVE-2019-2725), Oracle clarified that the recent vulnerability is unrelated to it. In a blog post, John Heimann, VP Security Program Management, clarified,

Please note that while the issue addressed by this alert is a deserialization vulnerability, like that addressed in Security Alert CVE-2019-2725, it is a distinct vulnerability.

Oracle Released A Fix

A number of researchers reported the new WebLogic zero-day vulnerability to Oracle. The bug allegedly affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0.

Consequently, Oracle patched the bug and released the fix. Because of the severity of the vulnerability and the active exploitation, Oracle urges users to update their respective systems quickly.

Due to the severity of this vulnerability, Oracle recommends that this Security Alert be applied as soon as possible.

The KnownSec 404 Team also recommended some temporary solutions to mitigate the flaw.

Scenario-1: Find and delete wls9_async_response.war and wls-wsat.war, then restart the WebLogic service.

Scenario-2: Control URL access for the /_async/* and /wls-wsat/* paths by access policy control.
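As an added defender-side example (not code from the article, Oracle or the KnownSec 404 Team), the following Python scans WebLogic HTTP access-log lines for requests to the two path prefixes named in Scenario-2, normalizing each path first so that percent-encoding, path parameters and doubled slashes do not hide a hit. The Common Log Format layout and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# The two path prefixes KnownSec 404 recommended restricting.
WATCHED_PREFIXES = ("/_async/", "/wls-wsat/")

# Assumed Common Log Format access-log layout (ip ident user [ts] "METHOD target proto" status ...).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(target: str) -> str:
    """Canonicalize a request target: drop the query string and ;params,
    undo single and double percent-encoding, collapse repeated slashes, lowercase."""
    path = target.split("?", 1)[0]
    path = unquote(unquote(path))          # handles %5F and double-encoded variants
    path = re.sub(r";[^/]*", "", path)     # strips ;jsessionid=... style parameters
    path = re.sub(r"/+", "/", path)
    return path.lower()


def is_watched(path: str) -> bool:
    """True if the canonical path falls under a watched prefix."""
    return path.startswith(WATCHED_PREFIXES)


def scan_access_log(lines):
    """Return (ip, method, canonical_path, status) for every request to a watched path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        path = normalize_path(m.group("target"))
        if is_watched(path):
            hits.append((m.group("ip"), m.group("method"), path, int(m.group("status"))))
    return hits


# Constructed sample lines (not real traffic); the last one uses encoding and a ;param.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jun/2019:10:01:02 +0000] "POST /_async/AsyncResponseService HTTP/1.1" 202 0',
    '198.51.100.7 - - [18/Jun/2019:10:01:05 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 1234',
    '203.0.113.5 - - [18/Jun/2019:10:02:11 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 0',
    '203.0.113.9 - - [18/Jun/2019:10:03:00 +0000] "POST /%5Fasync//AsyncResponseService;x=1 HTTP/1.1" 202 0',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("watched path hit:", hit)
```

Any hit on a server that still has wls9_async_response.war or wls-wsat.war deployed is worth triaging; after the Security Alert is applied, such requests should be rare or blocked by the access policy.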

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]