Jump to content

Search the Community

Showing results for tags 'cve-2018-2893'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. Oracle patched the bug last month but attacks began after proof-of-concept code was published on GitHub. Enterprise software giant Oracle published an urgent security alert last night, urging companies that run WebLogic servers to install the latest patches the company released in mid-April. Oracle says it received reports of attempts to exploit CVE-2020-2883, a vulnerability in its WebLogic enterprise product. WebLogic is a Java-based middleware server that sits between a front-facing application and a database system, rerouting user requests and returning needed data. It is a wildly popular middleware solution, with tens of thousands of servers currently running online. The CVE-2020-2883 vulnerability is a dangerous bug, which received a 9.8 score out of 10, on the CVSSv3 vulnerability severity scale. The bug, which was privately reported to Oracle, allows a threat actor to send a malicious payload to a WebLogic server, via its proprietary T3 protocol. The attack takes place when the server receives the data and unpacks (deserializes) it in an unsafe manner that also runs malicious code on the underlying WebLogic core, allowing the hacker to take control over unpatched systems. Oracle says that no user authentication or interaction is needed to exploit this bug. This makes CVE-2020-2883 an ideal candidate for integration in automated web-based attack tools and botnet operations. Oracle patched the bug during its quarterly security updates, released on April 14. Current exploitation attempts appear to have started after proof-of-concept code to exploit the CVE-2020-2883 bug was published on GitHub a day later. Oracle said that exploitation attempts against other vulnerabilities patched last month were also reported but the company highlighted the WebLogic vulnerability in particular. This is because in recent years, hackers have constantly shown interest in weaponizing and exploiting WebLogic bugs [1, 2, 3, 4, 5, 6, 7, 8, 9] . Hacking groups have been using these vulnerabilities to hijack WebLogic servers to run cryptocurrency miners or breach corporate networks and install ransomware. CVE-2020-2883 will almost certainly join CVE-2019-2729, CVE-2019-2725, CVE-2018-2893, CVE-2018-2628, and CVE-2017-10271 as one of the most exploited WebLogic vulnerabilities in the wild. Via zdnet.com
×
×
  • Create New...