Wednesday, April 17, 2024

Unpatched Oracle Web Logic Server Zero-day Let Hackers Executes Arbitrary Code Remotely & Gain Network Access

New Zero-day flaw discovered in Oracle Web logic server let attackers exploit this vulnerability to remotely execute commands without authorization.

An Oracle web Logic component wls9_async and wls-wsat trigger this deserialization remote command execution vulnerability and it affects all the Weblogic component wls9_async_response.war and wls-wsat.war enabled versions (including the current version).

WebLogic Server is a Java EE application server developed by Oracle Corporation for cloud environments and traditional environments. 

A wls9_async_response component is enabled by default in some versions of WebLogic and provides asynchronous communication services for WebLogic Server. When it performing the deserializing input information, a WAR package get distorted.

By taking advantage of this flaw, the attacker can send a carefully constructed malicious HTTP request to gain the permissions of the target server and execute the command remotely without authorization.

Reserachers from KnownSec 404 analysis the impacted weblogic server using ZoomEye is a famous cyberspace search engine and have 101,040 results about Oracle WebLogic server, there are 36,173 results on 2019. Most of them are distributed in the US and China.

According to seebug report, At present, Oracle officially has not released a patch, the temporary solution is as follows:

1, delete the war package and restart webLogic;

2. Control access to the URL of the /_async/* path through the access policy.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

284 Vulnerabilities are Fixed that Affected Oracle Products

297 Vulnerabilities Fixed with the Oracle Critical Patch Update


Latest articles

LightSpy Hackers Target Indian Apple Device Users To Steal Sensitive Data

Hackers target Apple device users because they are perceived to be of higher social...

Trustifi’s Email Security Awareness Training – Empowering MSPs to Train & Protect Clients

In today's digital landscape, email security has become a critical concern for businesses of...

Personal Data Exposed in Massive Global Hack: Understanding the Implications & Guarding Privacy- Axios Security Group

In a digital age where information is the new currency, the recent global hack...

Ex-Security Engineer Jailed For Hacking Decentralized Cryptocurrency Exchanges

Ahmed exploited a vulnerability in a decentralized cryptocurrency exchange's smart contract by injecting fabricated...

Omni Hotels & Resorts Hack: Attackers have Stolen Customer Information

Omni Hotels & Resorts has revealed that it was the target of a recent...

Connect:fun Attacking Organizations Running Fortinet’s FortiClient EMS

A new exploit campaign has emerged, targeting organizations that utilize Fortinet’s FortiClient EMS.Dubbed...

TA558 Hackers Compromised 320+ Organizations’ FTP & SMTP Servers

TA558, a financially motivated threat actor identified in 2018, is targeting several countries but...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles