Oracle rushes emergency fix for critical web logic
By MYBRANDBOOK
Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server.
Additional fixes add that the original patch was released as part of the company's October 2020 security updates as a fix for vulnerability, tracked as CVE-2020-14882, while the new patch, tracked as CVE-2020-14750.
CVE-2020-14882, if exploited, can allow an attacker to execute malicious code on one of Oracle's WebLogic servers with elevated privileges before its authentication kicks in.
Though, this vulnerability can be easily exploited by sending a booby-trapped HTTP GET request to the management console of a WebLogic server.
Once Oracle released a patch for the vulnerability, proof-of-concept (PoC) exploit code was made public and cybercriminals have already started using it to launch attacks against vulnerable servers.
In fact, the SANS Internet Storm Center (ISC) reported that attackers had already launched attacks against its WebLogic honeypots.
“Oracle tried to fix the path traversal bug in the WebLogic console (CVE-14882) by introducing a patch that blacklisted path traversal. They had good reason to do it in a hurry (attacks already in the wild). In Oracle's rush to fix it, they made a pretty simple error: attackers could avoid the new path traversal blacklist (and thus bypass the patch) by ... wait for it... changing the case of a character in their request,” said Brett Winterford, Editor at Risky. Biz in the tweet.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Puneet Chandok
Puneet Chandok is President, Microsoft India & South Asia and is respo...
Icons Of India : ASHISH KUMAR CHAUHAN
Ashish kumar Chauhan, an Indian business executive and administrator, ...
Icons Of India : NATARAJAN CHANDRASEKARAN
Natarajan Chandrasekaran (Chandra) is the Chairman of Tata Sons, the h...
EESL - Energy Efficiency Services Limited
EESL is uniquely positioned in India’s energy sector to address ener...
IOCL - Indian Oil Corporation Ltd.
IOCL is India’s largest oil refining and marketing company ...
C-DOT - Center of Development of Telematics
India’s premier research and development center focused on telecommu...
Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated
Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...
Indian Tech Talent Excelling The Tech World - Sundar Pichai, CEO- Alphabet Inc.
Sundar Pichai, the CEO of Google and its parent company Alphabet Inc.,...
Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy
Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...