Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Oracle WebLogic Vulnerability Targeted One Week After Patching

A vulnerability patched one week ago by Oracle in its WebLogic Server product has already been targeted for exploitation.

A vulnerability patched one week ago by Oracle in its WebLogic Server product has already been targeted for exploitation.

The security hole, tracked as CVE-2020-14882 and classified as critical, was patched by Oracle with its October 2020 Critical Patch Update (CPU). The vulnerability can be exploited remotely and without authentication, allowing an attacker to execute arbitrary code.

The issue was reported to Oracle by a researcher at China-based Chaitin Security Research Lab. On Wednesday, a Vietnamese researcher named Jang published a blog post detailing CVE-2020-14882 (written in Vietnamese) and he showed how easily it can be exploited by sending a specially crafted request to the targeted server.

The SANS Technology Institute reported on Thursday that its honeypots have recorded attempts to exploit this WebLogic vulnerability. Johannes B. Ullrich, dean of research at SANS, said the exploitation attempts appeared to be based on the PoC made public by the Vietnamese researcher.

Ullrich said the attacks that hit SANS honeypots only checked if the system was vulnerable, but others reported seeing exploitation attempts that involved downloading an executable file from a remote server and running it.

The attacks seen by SANS came from four IP addresses assigned to organizations in China, the US and Moldova.

“At this point, we are seeing the scans slow down a bit. But they have reached ‘saturation’ meaning that all IPv4 addresses have been scanned for this vulnerability,” Ullrich said. “If you find a vulnerable server in your network: Assume it has been compromised.”

Oracle WebLogic Server vulnerabilities are often targeted by threat actors, including profit-driven cybercriminals and state-sponsored groups. Many of these vulnerabilities are exploited after they are patched, but hackers exploiting zero-days is not unheard of.

Shortly after the April 2020 CPU was released, Oracle warned customers that a critical WebLogic vulnerability, one that was disclosed to the vendor by multiple researchers, including Jang, had been exploited in the wild.

Related: Recently Patched Oracle WebLogic Flaw Exploited in the Wild

Related: Critical Oracle WebLogic Vulnerability Exploited in Attacks

Related: Hackers Target Poorly Patched Oracle WebLogic Flaw

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.