CVE-2019-2568 in Oracle WebLogic Puts 36,000 Servers at Risk

Another day, another vulnerability. The cybersecurity mantra is bringing us another serious problem in Oracle WebLogic Server.

The vulnerability, identified as CVE-2019-2568, is easily exploitable and can allow an attacker with low privileges and network access via HTTP to compromise Oracle WebLogic Server. The vulnerability was discovered by KnownSec 404.




CVE-2019-2568 Official Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server.

It should be noted that while the flaw is located in Oracle WebLogic Server, attacks can significantly impact additional products as well. Attacks based on CVE-2019-2568 can result in unauthorized update, insert or delete access to some of the data accessible to Oracle WebLogic Server.

The zero-day flaw appears to be targeted in the wild, meaning that multiple vulnerable servers are at risk. Oracle is aware of the exploit. However, as the company just released its quarterly security update four days before the bug’s discovery, its patching may take some time. Oracle releases security updates every three months, meaning that CVE-2019-2568 is going to be addressed in three months.

Who’s affected? More than 36,000 publicly accessible WebLogic servers are currently vulnerable. Before the official patch arrives, affected parties will have to utilize workarounds to avoid attacks.

To avoid attacks, KnownSec 404’s recommendation is to either remove the vulnerable components and restart their WebLogic servers, or deploy firewall rules to prevent requests to two URL paths that are exploited in the wild ( /_async/* and /wls-wsat/*).
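
As an added example (not from the original article or from KnownSec 404), the following Python code reviews access-log lines for requests to the two paths named above, normalising each request target first so that encoded or non-canonical spellings of the same path are also counted. The log lines, IP addresses and endpoint names are constructed, and lower-casing the path is an assumption chosen to err toward flagging.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Path prefixes from the workaround described above.
BLOCKED_PREFIXES = ("/_async/", "/wls-wsat/")
# Request part of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IPs, made-up endpoint names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:01 +0000] "GET /console/login HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2020:10:00:02 +0000] "POST /_async/example HTTP/1.1" 202 0',
    '198.51.100.7 - - [01/Jan/2020:10:00:03 +0000] "POST /WLS-WSAT/Example HTTP/1.1" 500 0',
    '203.0.113.5 - - [01/Jan/2020:10:00:04 +0000] "GET /app/..%2f_async%2fexample?x=1 HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2020:10:00:05 +0000] "GET /_asyncjobs/status HTTP/1.1" 200 64',
]


def normalize_path(target):
    """Return the canonical, lower-cased path of a request target, ending in '/'."""
    path = target.split("?", 1)[0]          # drop the query string
    if "://" in path:                       # absolute-form request target
        path = urlsplit(path).path
    for _ in range(2):                      # decode twice to cover double encoding
        path = unquote(path)
    # Drop ";param" path parameters from every segment.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    # Collapse repeated slashes, then resolve "." and ".." segments.
    path = posixpath.normpath(re.sub(r"/+", "/", "/" + path))
    # Assumption: lower-casing may over-flag, which is acceptable for review.
    return path.lower() + "/"


def is_blocked(target):
    """True if the normalized target falls under one of the blocked prefixes."""
    return normalize_path(target).startswith(BLOCKED_PREFIXES)


def flag_requests(log_lines):
    """Return (client_ip, raw_target) for every line that hits a blocked prefix."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_blocked(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits
```

The same normalization step applies to the firewall or reverse-proxy rule itself: a rule that matches only the literal prefixes should be checked against the non-canonical forms in the sample.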

Oracle WebLogic servers have been targeted continuously in recent months, especially by hackers that carry out cryptomining campaigns. CVE-2017-10271 has become one of attackers’ most preferred vulnerabilities. Attacks based on this specific bug were detected in January last year, when cybercriminals were targeting database servers in the so-called double Monero miner attacks.

This was considered a novel tactic as it was used in a non-traditional way. After the machines were impacted by the exploit code, two separate miners were installed on the compromised devices.

Milena Dimitrova
