Oracle WebLogic servers are under attack from hackers who are trying to take over vulnerable installations that have not received a recent patch for a critical vulnerability.
The security bug at the heart of these hacking attempts is CVE-2018-2893, a vulnerability in a component of the Oracle WebLogic middleware that allows an attacker to gain control over the entire server without having to know its password.
The vulnerability has received a "critical" rating and a severity score of 9.8 out of 10 on the CVSSv3 scale due to its consequences, remote exploitation factor, and ease of exploitation.
Details about this vulnerability were never made public, and Oracle released patches for this bug on July 18, last week.