Oracle rushes emergency fix for critical WebLogic flaw
By MYBRANDBOOK
Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server.
The original patch was released as part of the company's October 2020 security updates as a fix for the vulnerability tracked as CVE-2020-14882, while the new patch is tracked as CVE-2020-14750.
CVE-2020-14882, if exploited, can allow an attacker to execute malicious code on one of Oracle's WebLogic servers with elevated privileges before its authentication kicks in.
The vulnerability can be easily exploited by sending a booby-trapped HTTP GET request to the management console of a WebLogic server.
Once Oracle released a patch for the vulnerability, proof-of-concept (PoC) exploit code was made public and cybercriminals have already started using it to launch attacks against vulnerable servers.
In fact, the SANS Internet Storm Center (ISC) reported that attackers had already launched attacks against its WebLogic honeypots.
“Oracle tried to fix the path traversal bug in the WebLogic console (CVE-14882) by introducing a patch that blacklisted path traversal. They had good reason to do it in a hurry (attacks already in the wild). In Oracle's rush to fix it, they made a pretty simple error: attackers could avoid the new path traversal blacklist (and thus bypass the patch) by ... wait for it... changing the case of a character in their request,” said Brett Winterford, Editor at Risky.Biz, in a tweet.
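The class of mistake described in the quote above, as an added example that is not from the original article and is not Oracle's code: a case-sensitive deny-list applied to the raw request path, next to a check that canonicalizes first and then allow-lists. The deny-list tokens, the `/app/public/` prefix and the sample paths are constructed for illustration; the canonical check also covers nested percent-encoding, which goes beyond the single case change in the quote.

```python
import posixpath
from urllib.parse import unquote

# Constructed deny-list of literal, case-sensitive tokens (assumption, not Oracle's list).
DENYLIST = ("..", "%2E%2E", "%2F")
# Hypothetical prefix for resources that may be served without authentication.
PUBLIC_PREFIX = "/app/public/"

def naive_filter_allows(raw_path: str) -> bool:
    """Weak check: substring match on the raw, still-encoded path."""
    return not any(token in raw_path for token in DENYLIST)

def canonicalize(raw_path: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value is stable, then collapse '.' and '..'."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)  # hex digits decode the same in either case
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many encoding layers")  # fail closed
    return posixpath.normpath(path)

def hardened_is_public(raw_path: str) -> bool:
    """Decide on the canonical path with an allow-list, not on the raw bytes."""
    try:
        canonical = canonicalize(raw_path)
    except ValueError:
        return False
    return (canonical + "/").startswith(PUBLIC_PREFIX)

# Constructed sample request paths.
SAMPLES = [
    "/app/public/logo.png",                       # ordinary public resource
    "/app/public/%2E%2E%2Fadmin/settings",        # matches the deny-list
    "/app/public/%2e%2e%2fadmin/settings",        # same bytes after decoding, lower-case hex
    "/app/public/%252e%252e%252fadmin/settings",  # nested encoding
]

def compare(paths):
    """Return (path, naive_verdict, hardened_verdict) for each sample."""
    return [(p, naive_filter_allows(p), hardened_is_public(p)) for p in paths]

if __name__ == "__main__":
    for path, naive, hardened in compare(SAMPLES):
        print(f"{path:45} naive_allows={naive!s:5} hardened_allows={hardened}")
```
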