CVE-2019-2568 in Oracle WebLogic Endangers 36,000 Servers

Another day, another vulnerability. This time the cybersecurity mantra applies to a serious issue in Oracle WebLogic Server.

The vulnerability, identified as CVE-2019-2568, is easily exploitable and can allow an attacker with low privileges and network access via HTTP to compromise Oracle WebLogic Server. The vulnerability was discovered by KnownSec 404.

CVE-2019-2568 Official Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server.

It should be noted that while the flaw is located in Oracle WebLogic Server, attacks can significantly impact additional products as well. Successful attacks based on CVE-2019-2568 can result in unauthorized update, insert or delete access to some of the data accessible to Oracle WebLogic Server.

The zero-day flaw appears to be exploited in the wild, meaning that multiple vulnerable servers are at risk. Oracle is aware of the exploit. However, as the company released its quarterly security update just four days before the bug’s discovery, patching may take some time. Oracle releases security updates every three months, meaning that CVE-2019-2568 is going to be addressed in three months.

Who’s affected? More than 36,000 publicly accessible WebLogic servers are currently vulnerable. Until the official patch arrives, affected parties will have to rely on workarounds to avoid attacks.

To avoid attacks, KnownSec 404’s recommendation is to either remove the vulnerable components and restart the WebLogic servers, or deploy firewall rules that block requests to the two URL paths exploited in the wild (/_async/* and /wls-wsat/*).
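A defender who deploys the path-blocking workaround will also want to know whether those paths were already being hit. The following is an added example, not code from the article or from KnownSec 404: it scans constructed WebLogic access-log lines for requests to the two prefixes above, normalizing percent-encoding, repeated slashes and query strings so that trivially obfuscated paths are still matched. The log format and the service names under the prefixes are assumptions for the sample.

```python
import re
from urllib.parse import unquote

# Request path prefixes the workaround blocks at the firewall until Oracle's patch ships.
BLOCKED_PREFIXES = ("/_async/", "/wls-wsat/")

# Constructed sample access-log lines in Common Log Format (not from a real server).
SAMPLE_LOG = """\
10.0.0.5 - - [26/Apr/2019:10:01:12 +0000] "POST /_async/SomeService HTTP/1.1" 200 512
10.0.0.7 - - [26/Apr/2019:10:01:15 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 2048
10.0.0.9 - - [26/Apr/2019:10:02:03 +0000] "POST /wls-wsat/SomePortType HTTP/1.1" 500 0
10.0.0.9 - - [26/Apr/2019:10:02:09 +0000] "POST /%5Fasync/SomeServiceHttps?x=1 HTTP/1.1" 200 300
10.0.0.11 - - [26/Apr/2019:10:03:00 +0000] "GET //wls-wsat//SomeRpc HTTP/1.1" 404 0
"""

# client, identd, user, [timestamp], "METHOD target PROTOCOL", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def normalize_path(target):
    """Drop the query string, decode percent-encoding and collapse repeated slashes."""
    path = target.split("?", 1)[0]   # keep only the path part of the request target
    path = unquote(path)             # /%5Fasync/ -> /_async/
    return re.sub(r"/+", "/", path)  # //wls-wsat// -> /wls-wsat/


def is_blocked_path(target):
    """True if the normalized path falls under a blocked prefix (case-insensitive, conservative)."""
    return normalize_path(target).lower().startswith(BLOCKED_PREFIXES)


def find_hits(log_text):
    """Return (client_ip, method, normalized_path, status) for every request to a blocked prefix."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as Common Log Format
        if is_blocked_path(m["target"]):
            hits.append((m["ip"], m["method"], normalize_path(m["target"]), int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```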


Oracle WebLogic servers have been targeted continuously in recent months, especially by hackers who carry out cryptomining campaigns. CVE-2017-10271 has become one of attackers’ most preferred vulnerabilities. Attacks based on this specific bug were detected in January last year, when cybercriminals were targeting database servers in the so-called double Monero miner attacks.

This was considered a novel tactic, as the exploit was used in a non-traditional way: after the machines were compromised by the exploit code, two separate miner programs were installed on the affected devices.

Milena Dimitrova