MY BRAND BOOK Oracle rushes emergency fix for critical web logic

Oracle rushes emergency fix for critical web logic

By MYBRANDBOOK

Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server.

Additional fixes add that the original patch was released as part of the company's October 2020 security updates as a fix for vulnerability, tracked as CVE-2020-14882, while the new patch, tracked as CVE-2020-14750.

CVE-2020-14882, if exploited, can allow an attacker to execute malicious code on one of Oracle's WebLogic servers with elevated privileges before its authentication kicks in.

Though, this vulnerability can be easily exploited by sending a booby-trapped HTTP GET request to the management console of a WebLogic server.

Once Oracle released a patch for the vulnerability, proof-of-concept (PoC) exploit code was made public and cybercriminals have already started using it to launch attacks against vulnerable servers.

In fact, the SANS Internet Storm Center (ISC) reported that attackers had already launched attacks against its WebLogic honeypots.

“Oracle tried to fix the path traversal bug in the WebLogic console (CVE-14882) by introducing a patch that blacklisted path traversal. They had good reason to do it in a hurry (attacks already in the wild). In Oracle's rush to fix it, they made a pretty simple error: attackers could avoid the new path traversal blacklist (and thus bypass the patch) by ... wait for it... changing the case of a character in their request,” said Brett Winterford, Editor at Risky. Biz in the tweet.

BREAKING NEWS

Elon Musk Merges X with xAI in $33 Billion Stock Deal...

Elon Musk has made waves once again by merging X (formerly Twitter) with...

India Strengthens Electronics Supply Chain with ₹22,919 Cr Manu...

The scheme aims to attract an investment of INR 59,350 Cr, resulting in pro...

Govt Drops Import Duty making EV Batteries cheaper...

The Centre is taking measures to counter the impact of US President Donald ...

CERT-In’s New Advisory Unveils Hidden Cyber Threats...

The advisory highlights critical vulnerabilities in AI models, outlines mul...

TECHNO TRENDS

Legal Battle Over IT Act Intensifies Amid Musk’s India Plans

The outcome of the legal dispute between X Corp and the Indian government c...

Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth

The agreement, executed through Wipro and its 100% subsidiary,...

Centre announces that DPDP Rules nearing Finalisation by April

The government seeks to refine the rules for robust data protection, ensuri...

Home Ministry cracks down on PoS agents in digital arrest scam

Digital arrest scams are a growing cybercrime where victims are coerced or ...

E-Magazine

TECHNOTAINMENT

For 2nd Time, Kaspersky announced Mumbai Indians’ Official C

Hrithik Roshan to endorse RuPay as Brand Ambassador

RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha

India Today Group launches – AI Pop Stars

Staying true to our industry leadership position in using cutting-edge tech

MOVERS & SHAKERS

Cloudflare Promotes Goran Risticevic as VP & MD for APAC

TelioLabs ropes in Phaniraj V A as the Group CEO

TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE

Wipro Appoints Amit Kumar as Managing Partner and Global Head

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s

OPEN YOUR EYES

Capitalising on agility to win the digital banking competition

Urgency In Refuelling Digital Transformation For Customizing Needs

COVID-19 Brings Opportunity For Businesses To Tide Over The Current Crisis

Waiting For A Cybersecurity disaster to happen

Digital economy is at risk with the growing cyber attacks

INTERVIEWS

Alpha Max offers high end solutions in the network space to en

Delivering Critical Business Communication Solutions to Enterp

Arya Omnitalk and Syntel’s comprehensive suite of solutions and more than

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

A good amount of R&D works and global support services are operated out of

HOT PICK

ASUS ExpertCenter P500 Mini Tower Desktop PC's launched in Ind

MSI Announces the availability of RTX 50 series of laptops in

MSI, the innovative computing manufacturer in gaming, creator

Nothing Phone (3a) goes on sale today, starting at Rs 19,999

The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t

MAKE IN INDIA BRANDS

ACER INDIA PVT. LTD.

ZOHO CORPORATION PVT. LTD.

SAMSUNG INDIA ELECTRONICS LTD.

DRUVA SOFTWARE PVT. LTD.

EMINENT CIO'S OF INDIA

STRATEGIC FRAMEWORK FOR SUSTAINABLE BUSINESS EXPANSION IS PATHWAY TO PROSPERITY

Accelerate the adoption of AI and machine learning...

AI TO IMPROVE INSIGHTS THROUGH AUGMENTED ANALYTICS, WHILE EDGE COMPUTING TO ALLOW REAL-TIME PROCESSING

For the fiscal year 2024-25, our organization has ...

AI SYSTEMS ARE ENABLING A SEISMIC SHIFT IN THE WORLD OF CYBERSECURITY

AI’s analytical prowess enables it to analyze an...

ICONS OF INDIA

Icons Of India : NIKHIL RATHI

Co-founder & CEO of Web Werks, a global leader in Data Centers and Clo...

SHAKTIKANTA DAS

Shaktikanta Das is serving as the current & 25th governor of the Reser...

ICONS OF INDIA : SUNIL VACHANI

Sunil Vachani is the Chairman of Dixon Technologies (India) Ltd. Under...

PARTNER SPEAKERS

Regaining its Technical Aura By Resonating Consistency & Reliability

Brand awareness metrics and KPIs help TDM Networks to monitor and analyze the ...

Competitively Viable By Ensuring Brand Loyalty & Uniformity

D M Systems always collaborates with top brands and wants to continue the same...

Fostering Positive Relationships and Enhancing Customer Satisfaction

Bloom Electronics’ data-driven insights for strategic brand decision and bra...

PSU

C-DAC - Centre for Development of Advanced Computing

C-DAC is uniquely positioned in the field of advanced computing...

ITI - ITI Limited

ITI Limited is a leading provider of telecommunications equipment, sol...

EESL - Energy Efficiency Services Limited

EESL is uniquely positioned in India’s energy sector to address ener...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024: BHARTI AIRTEL LTD.

Airtel is a global communications solutions provider serving over 500 million ...

Most Trusted Brands 2024 : AMD

Advanced Micro Devices (AMD) has been a key player in the semiconductor indust...

Most Trusted Brands 2024: Infosys Ltd.

Infosys, leverages emerging technologies and digital capabilities to help clie...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Aneel Bhusri, CEO, Workday

Aneel Bhusri, Co-Founder and Executive Chair at Workday, has been a le...

Indian Tech Talent Excelling The Tech World - Sanjay Mehrotra, CEO- Micron Technology

Sanjay Mehrotra, the President and CEO of Micron Technology, is at the...

Indian Tech Talent Excelling The Tech World - ANJALI SUD, CEO – Tubi

Anjali Sud, the former CEO of Vimeo, now leads Tubi, Fox Corporation�...

ITFORUM 2025

STARNITE AWARDS 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY