Warning: Critical Oracle WebLogic flaw actively targeted in attacks, CVE-2020-14882 CVSS 9.8 RCE
CVE-2020-14882 - CVSS v3 9.8 (CRITICAL)
Sources
https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-20... (Foreign language)
Risks
CVE-2020-14882 can be exploited by an unauthenticated attacker by sending a simple HTTP GET request leading to a full compromise of a vulnerable system.
Description
Threat actors are increasingly scanning the Internet for servers running vulnerable Oracle WebLogic installations in an attempt to exploit the critical flaw tracked as CVE-2020-14882.
CVE-2020-14882 can be exploited by an unauthenticated attacker by sending a simple HTTP GET request leading to a full compromise of a vulnerable system.
Oracle fixed the vulnerability in this month's Critical Patch Update (CPU) release.
Recommended Actions
CERT.be recommends that system administrators install the latest updates released by the vendor for the affected versions: https://www.oracle.com/security-alerts/cpuoct2020.html
References
https://www.oracle.com/security-alerts/cpuoct2020.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14882
https://www.bleepingcomputer.com/news/security/critical-oracle-weblogic-...