Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: SERVER-ORACLE Oracle WebLogic Server remote command execution attempt  (Read 924 times)

0 Members and 1 Guest are viewing this topic.

nidhinjo

  • Guest
This signature fires upon detecting attempts to exploit a command execution vulnerability in Oracle WebLogic. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).  This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.  This signature detects attempts to exploit a remote code execution vulnerability in Oracle WebLogic server. Oracle WebLogic Server is prone to a remote security vulnerability in WLS Security. The vulnerability can be exploited over the 'HTTP' protocol.

CVSS Scores & Vulnerability Types

Code: [Select]
CVSS Score              5.0
Confidentiality Impact     None (There is no impact to the confidentiality of the system.)
Integrity Impact         None (There is no impact to the integrity of the system)
Availability Impact     Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity        Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication             Not required (Authentication is not required to exploit the vulnerability.)
Gained Access             None

Affected

This vulnerability affects the following supported versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0.

Workarounds

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.

Critical Patch Update Supported Products and Versions

Patches released through the Critical Patch Update program are provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. We recommend that customers plan product upgrades to ensure that patches released through the Critical Patch Update program are available for the versions they are currently running.

Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. As a result, Oracle recommends that customers upgrade to supported versions.

  :)  ###########################################################################  :)