This Critical Oracle Vulnerability is Being Exploited in the Wild

1
0

Oracle has been forced to push out an emergency patch after the second critical vulnerability in Oracle WebLogic Server was identified in less than eight weeks. The Oracle vulnerability – rated a drop-everything-and-patch-it-now 9.8 on the CVSS risk matrix – is remotely exploitable without authentication, i.e., may (and has been)  exploited over a network without the need for a username and password.

Oracle WebLogic Server is an application server for building and deploying enterprise Java EE applications: over 40,000 web-accessible instances are at risk.

Oracle’s security alert for the vulnerability, CVE-2019-2729, describes it as a deserialisation

To see the full content, share this page by clicking one of the buttons below
0
Click on a tab to select how you'd like to leave your comment

Leave A Reply

Your email address will not be published.