Hackers are scanning the internet for servers running Oracle WebLogic versions that are vulnerable to this flaw.
CVE-2020-14882, discovered by security researcher Voidfyoo of Chaitin Security Research Lab, can be exploited by unauthorized users. Attackers can take control of a system by sending a simple HTTP GET request.
The vulnerability has received a score of 9.8 out of 10 on the vulnerability scale. However, Oracle has already addressed this flaw in the Critical Patch Update (CPU) released this month.
The affected versions of Oracle WebLogic Server are: 10.3.6.0.0, 188.8.131.52.0, 184.108.40.206.0, 220.127.116.11.0 and 18.104.22.168.
Security researchers from the SANS Technology Institute set up honeypots, which allowed them to observe a series of attacks exploiting this vulnerability. The attacks started shortly after exploit code for the flaw was published.
The researchers observed that the attacks targeting the honeypots came from the following IP addresses:
- 22.214.171.124 (China)
- 126.96.36.199 (USA)
- 188.8.131.52 (Moldova)
- 184.108.40.206 (Hong Kong)
According to SANS experts, the exploit used in the attacks appears to be based on code published by researcher Jang.
"These exploitation efforts are currently trying to verify if the system is vulnerable," say the researchers of the SANS Technology Institute in a post.
The SANS Institute is warning the ISPs whose IP addresses are involved in the attacks.
According to experts, a search on the Spyse engine for vulnerable Oracle WebLogic servers returned at least 3,000 results.
Administrators of Oracle WebLogic servers should update their systems immediately to fix the CVE-2020-14882 vulnerability and stay safe.
Source: Security Affairs