Zero day remote code execution in Oracle WebLogic Server
CVE: Not known - CNVD-2018-07811 (China National Vulnerability Database)
CVE Score: 9.8
Oracle WebLogic Server is affected by a remote code execution vulnerability. It allows attackers to remotely execute arbitrary commands on the affected servers just by sending a specially crafted HTTP request, without requiring any authorization.
Two proofs of concept are available on the web. This vulnerability is currently being actively exploited in the wild.
The vulnerability, spotted by researchers from KnownSec 404, concerns Oracle WebLogic Server. It contains a critical deserialization remote code execution vulnerability which can be triggered via two components: "wls-wsat.war" and "wls9_async_response.war". Those "WAR" processes are responsible for ingesting serialized data.
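Because both entry points are ordinary HTTP endpoints, a server's access log shows whether either component has been reached. The script below is an added example, not part of the CERT.be advisory or of Oracle's material. It assumes the access log is in common log format and that the two components sit at their usual context roots `/_async` and `/wls-wsat`, which the advisory itself does not list.

```python
import re
from urllib.parse import unquote

# Context roots where the two components named in the advisory are normally
# deployed. Assumption: default deployment; the page does not list these paths.
CONTEXT_ROOTS = {"/_async": "wls9_async_response.war",
                 "/wls-wsat": "wls-wsat.war"}

# Common log format: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def classify(method, status):
    """Triage label: did a request with a body reach a deployed component?"""
    if status in (403, 404):
        return "blocked-or-absent"   # component removed or path filtered
    return "investigate" if method == "POST" else "reachable"

def find_hits(lines):
    """Return one record per request addressed to either component."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                 # not common log format: skip, do not guess
        # Normalise before matching: drop query, decode %xx, fold case, merge //
        path = unquote(m["path"].split("?", 1)[0]).lower()
        path = re.sub(r"/{2,}", "/", path)
        for root, component in CONTEXT_ROOTS.items():
            if path == root or path.startswith(root + "/"):
                hits.append({"src": m["src"], "time": m["ts"],
                             "component": component,
                             "verdict": classify(m["method"], int(m["status"]))})
    return hits

# Constructed sample lines (documentation IP ranges, made-up sub-paths).
SAMPLE = [
    '192.0.2.10 - - [26/Apr/2019:09:00:01 +0200] "GET /console/ HTTP/1.1" 200 1042',
    '198.51.100.7 - - [26/Apr/2019:09:00:05 +0200] "GET /_async/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [26/Apr/2019:09:00:09 +0200] "POST /_async/sample HTTP/1.1" 202 0',
    '203.0.113.9 - - [26/Apr/2019:09:01:30 +0200] "POST //WLS-WSAT/sample HTTP/1.1" 404 1164',
    '203.0.113.9 - - [26/Apr/2019:09:01:31 +0200] "GET /_asynchronous HTTP/1.1" 404 1164',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

A "reachable" or "investigate" verdict on an internet-facing server means the component is still deployed and exposed, so that server should be first in line for the patch.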
Oracle has released a patch and revised its critical security patch bundle of April. CERT.be recommends that administrators patch vulnerable systems after thorough testing.
For more information concerning the security patch, see: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
A new patch has been released: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html