How to Prevent Oracle WebLogic Server Vulnerability
by Stephen la Rocca
Business Development, PITSS GmbH
The US IT security company Greynoise is currently reporting heavily increased scanning activity for vulnerable WebLogic servers.
Although there are already updates available for these which apparently can already be bypassed by the attackers, the updates do not solve the crux of the problem. Particularly critical seems to be the vulnerability with the identifier CVE-2018-2628.
GreyNoise has observed a large spike in devices scanning the Internet for TCP port 7001 beginning last week on 4/16/18. This activity corresponds directly with the disclosure (4/18/2018) and weaponization (4/18/18) of Oracle WebLogic CVE-2018-2628. Ref: https://t.co/3qdeQSF59T
— GreyNoise Intelligence (@GreyNoiseIO) April 24, 2018
Close the vulnerability and block TCP port 7001
If you use Oracle WebLogic Server, you should definitely take action. On one hand, the latest version must be installed as soon as possible. That alone does not seem to be enough.
Security researcher Kevin Beaumant warns that the most recent patch did not close the actual vulnerability, but merely blacklisted certain commands. Therefore, it is important to additionally block TCP port 7001 in order to avoid external access.
Oh dear. There’s a zero day in Oracle WebLogic because the April patch didn’t fix the issue properly. Mitigation: make sure port 7001 TCP is blocked inbound to your Fusion stack boxes. https://t.co/EqjqMwzXNp
— Kevin Beaumont (@GossiTheDog) April 29, 2018
If you’re looking for help updating, modernizing, and securing your vulnerable WebLogic server, contact PITSS today.
The post Preventing Oracle WebLogic Server Vulnerability appeared first on PITSS US - Oracle Forms Upgrade, Forms to ADF, Forms to APEX, Migration.