Security advisories

Oracle WebLogic RCE Vulnerability - UPDATE

June 20, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

The Threat

On June 15th, 2019, security researchers from KnownSec 404 publicly announced that new zero-day attacks against Oracle WebLogic Servers are occurring in the wild [1]. The vulnerability being exploited in these attacks (CVE-2019-2729) allows for remote and unauthenticated code execution on vulnerable Oracle WebLogic servers. As of June 18th, 2019, Oracle has released security patches to mitigate this vulnerability [2]. It is highly recommended to apply these patches, after a business impact review, to limit the risk of successful exploitation.

What we’re doing about it

What you should do about it

Additional information

The vulnerability resides in the XMLDecoder in Oracle WebLogic Server Web Services. Due to the lack of required authentication and the wide number of vulnerable servers, it is highly important to quickly apply security patches.

The threat actors, in this case, appear to have bypassed the Oracle patches released in late April that addressed CVE-2019-2725 [3].

Vulnerable Oracle WebLogic Servers Versions:

References:

[1] https://medium.com/@knownsec404team/knownsec-404-team-alert-again-cve-2019-2725-patch-bypassed-32a6a7b7ca15

[2] https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html?from=groupmessage&isappinstalled=0

[3] https://www.esentire.com/security-advisories/oracle-weblogic-rce-vulnerability/

View Most Recent Advisories