Work-around discovered for a previously patched vulnerability in Oracle’s WebLogic server
Target: Oracle WebLogic servers
Attack Vector: Accessing the WebLogic servers through a T3 connection when they are running on port 7001
Summary: A workaround has been released for the vulnerability tracked as CVE-2018-2628. The vulnerability lies in Oracle’s WebLogic servers and gives an attacker the opportunity to execute code on remote servers. After Oracle released the patch, a researcher found that, rather than fully patching the vulnerability, Oracle developers had only blacklisted certain commands, with one or two still available.
Risk assessment summary: This threat is assessed at 3d MODERATE. The threat of this vulnerability is heightened as there is a fully weaponised proof of concept available on GitHub. This means that anyone who uses Oracle WebLogic servers and has not blocked incoming traffic on port 7001 is vulnerable to this attack, and with the rise in scans for port 7001, it is becoming more likely that an attack will take place. The threat is heightened further because a successful attack gives the attacker complete control of a server.
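
One way to check the exposure condition named in the risk assessment (WebLogic reachable on port 7001 from outside), as an added example that is not part of the original advisory: it reads firewall log lines and separates servers that accepted external connections on 7001 from scan attempts that were dropped. The key=value log format, the sample lines and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

WEBLOGIC_PORT = 7001  # port named in the advisory
# Assumption: addresses in these networks count as internal/trusted.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2018-05-02T10:15:01Z action=ACCEPT proto=TCP src=203.0.113.7 dst=10.0.5.20 dport=7001
2018-05-02T10:15:03Z action=DROP proto=TCP src=198.51.100.23 dst=10.0.5.21 dport=7001
2018-05-02T10:15:09Z action=ACCEPT proto=TCP src=10.0.9.4 dst=10.0.5.20 dport=7001
2018-05-02T10:16:40Z action=ACCEPT proto=TCP src=203.0.113.7 dst=10.0.5.22 dport=7001
2018-05-02T10:17:02Z action=ACCEPT proto=TCP src=192.0.2.50 dst=10.0.5.20 dport=443
malformed line without fields
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def audit(log_text):
    """Return (exposed, blocked) for external traffic to TCP/7001.

    exposed: server -> set of external sources whose connection was accepted
    blocked: external source -> number of attempts the firewall stopped
    """
    exposed, blocked = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            if f["proto"] != "TCP" or int(f["dport"]) != WEBLOGIC_PORT:
                continue
            if is_internal(f["src"]):
                continue
            action, src, dst = f["action"], f["src"], f["dst"]
        except (KeyError, ValueError):
            continue  # skip malformed or incomplete lines
        if action == "ACCEPT":
            exposed[dst].add(src)  # port 7001 reachable from outside
        else:
            blocked[src] += 1      # scan or attempt stopped at the firewall
    return dict(exposed), dict(blocked)

if __name__ == "__main__":
    exposed, blocked = audit(SAMPLE_LOG)
    for dst, sources in sorted(exposed.items()):
        print(f"EXPOSED {dst}: 7001 accepted from {sorted(sources)}")
    for src, count in sorted(blocked.items()):
        print(f"blocked {src}: {count} attempt(s)")
```

Any server listed as exposed has not blocked incoming traffic on port 7001 and falls under the risk described above.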