Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware
CVE: CVE-2018-2893
CVSS: 9.8
Sources
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2893
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://blog.netlab.360.com/malicious-campaign-luoxk-is-actively-exploiting-cve-2018-2893/
https://www.bleepingcomputer.com/news/security/attacks-on-oracle-weblogic-servers-detected-after-publication-of-poc-code/
Risks
Successful exploitation of this vulnerability can result in a takeover of the entire Oracle WebLogic Server without having to know its password. Several proofs of concepts have been published and there are reports of successful attacks.
Description
This vulnerability allows an unauthenticated attacker with network access and using the Oracle T3 protocol to compromise the WebLogic Server. This vulnerability is registered as CVE-2018-2893 and has received a "critical" status and a severity score of 9.8 on the CVSSv3 scale due to its consequences, remote exploitation factor, and ease of exploitation. Details about this vulnerability were never made public, and Oracle released patches for this bug on July 18, last week. However, since then, several proofs of concept have been published and attackers have started to automate and use these POCs.
Recommended Actions
CERT.be recommends users to always keep their systems up to date. Patches can be downloaded at the following address : http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CERT.be recommends users to limit the access to port 7001 to systems needing it.