Monday, February 22, 05:10
Home security Oracle is releasing an additional security update for WebLogic servers

Oracle is releasing an additional security update for WebLogic servers

Oracle is releasing an additional fix to fix a bug a second time after the proof-of-concept exploit code was released.


Oracle released a rare non-standard security update on Sunday to address an incomplete patch for a recently discovered vulnerability on Oracle WebLogic servers that is currently being actively exploited in real-time. attacks.

The new patch (called CVE-2020-14750) adds additional fixes to a first bug (CVE-2020-14882), which was originally fixed with the standard Oracle October 2020 quarterly security updates.

CVE-2020-14882 is a dangerous vulnerability that allows invaders to perform malicious code on an Oracle WebLogic server with increased permissions before server authentication begins.

To take advantage of CVE-2020-14882, an attacker must send only one request HTTP GET in management console of the WebLogic server.

As the exploitation is insignificant, the exploitation code is proof-of-concept (PoC) was released within days of Oracle's initial patch.

But these POCs were quickly adopted by various threat groups, and last week, the SANS ISC reported attacks on WebLogic honeypots.

But even the fixed systems were not considered safe.

According to Adam Boileau, chief security consultant at Insomnia Sec, the original patch for CVE-2020-14882 could be bypassed if intruders changed a character in the standard POC exploit.

The recent attacks and the bypassing of the original updated led Oracle to release a second set of updates on Sunday, a rare security update outside the scheduled.

Recommended for companies running WebLogic servers to install the additional patch CVE-2020-14750 for protection against both the original CVE-2020-14882 exploit and bypass of.

According to security firm Spyse, more than 3.300 WebLogic servers are currently on display at Internet and are considered vulnerable to the initial vulnerability CVE-2020-14882.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.


How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...