Hackers are on the hunt for Oracle servers vulnerable to potent exploit

 In Biz & IT, cve-2020-14882, exploits, oracle, vulnerabilities, WebLogic

Hackers are on the hunt for Oracle servers vulnerable to potent exploit

Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Photograph of computer server.

Enlarge (credit: Victorgrigas)

Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that force Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night.

Johannes Ullrich, dean of research at the SANS Technology Institute, said his organization’s honeypots had detected Internetwide scans that probe for vulnerable servers. CVE-2020-14882, as the vulnerability is tracked, has a severity rating of 9.8 out of 10 on the CVSS scale. Oracle’s October advisory accompanying a patch said exploits are low in complexity and require low privileges and no user interaction.

“At this point, we are seeing the scans slow down a bit,” Ullrich wrote in a post. “But they have reached ‘saturation’ meaning that all IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised.”

Read 5 remaining paragraphs | Comments

Code-execution bug has severity rating of 9.8 out of 10; little skill needed to exploit.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt