Computer News & Safety – Harry Waldron

July 23rd, 2018:

Oracle Security – WebLogic CVE-2018-2893 Exploit

CVE-2018-2893, a vulnerability in the WebLogic development suite addressed by Oracle's recent July 2018 security patch, is being exploited in the wild, and all applicable corporate users should patch expediently for safety reasons.

https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/

On 18-JUL-2018 Oracle released a Critical Patch Update. Yesterday, an exploit targeting CVE-2018-2893, which impacts Oracle WebLogic Server, appeared publicly. We do see first exploit attempts. The exploit attempts to download additional code from a malicious server. We are still looking at details, but it looks like the code attempts to install a backdoor. Scanning activity targeting port 7001 peaked in May of 2018 when another WebLogic vulnerability went public; unsurprisingly, it was used to install crypto-miners.