Attacks Targeting Unpatched Oracle WebLogic Servers

Threat actors are actively targeting vulnerable Oracle WebLogic servers after proof-of-concept (PoC) exploits were published last week. Attackers are exploiting CVE-2018-2893, which received a severity score of 9.8 out of 10, after Oracle disclosed the vulnerability on July 18 and released patches. The vulnerability allows an attacker to gain control over an entire server without having to know its password. Only days after the vulnerability was made public, three different PoC exploits were published online by various individuals, leading to a slow increase in attacks. Oracle WebLogic servers running versions 10.3.6.0, 12.1.3.0, 12.2.1.2, and 12.2.1.3 are vulnerable to these exploits and should be patched as soon as possible. The NJCCIC recommends that administrators of affected Oracle WebLogic servers review Oracle’s Security Advisory for more information. Additionally, website owners should consider blocking access to port 7001 until servers can be patched.
