Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware
CVE: CVE-2018-3191
CVE: CVE-2018-3197
CVE: CVE-2018-3201
CVE: CVE-2018-3245
CVE: CVE-2018-3252
CVSS: 9.8
Sources
• https://www.oracle.com/technetwork/topics/security/alerts-086861.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3191
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3197
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3201
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3245
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3252
Risks
Successful exploitation of these vulnerabilities allows an unauthenticated attacker with network access via the Oracle T3 protocol to compromise and take over the entire Oracle WebLogic Server.
Description
These vulnerabilities allow an unauthenticated attacker with network access via the Oracle T3 protocol to compromise the WebLogic Server. They are registered as CVE-2018-3191, CVE-2018-3197, CVE-2018-3201, CVE-2018-3245 and CVE-2018-3252, and have received a "critical" status and a severity score of 9.8 on the CVSSv3 scale due to their consequences, remote exploitation factor, and ease of exploitation.
Details about these vulnerabilities are not public yet, and Oracle has released patches for them. However, several proofs of concept have been published, and attackers have started to automate and use these PoCs.
Recommended Actions
CERT.be recommends that users always keep their systems up to date. Patches can be downloaded at the following address:
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296....
CERT.be recommends applying these critical patches A.S.A.P.