06.20.19

Vulnerability SPOT Report

SPOT Report - WebLogic Remote Code Execution

By Jen O'Neil

Overview

Oracle has released another out-of-band patch for a zero-day vulnerability, CVE-2019-2725, on June 19, 2019. This zero-day is much like the previous WebLogic vulnerability disclosed in April 2019. Both vulnerabilities involve a bug in the deserialization process inside WebLogic servers, the step in which content is converted from its binary form back into its original object form. Both allow attackers to exploit this process and run code on affected systems. The attacker does not need to know a remote server's credentials to run an exploit against it.

Potential Impact

Much like previous WebLogic vulnerabilities, this flaw can theoretically be used to install ransomware, cryptojacking, or Bitcoin miners. Since it is remote code execution, the possibilities for use are very broad.

Mitigation

Some WebLogic users are mitigating this and future vulnerabilities by disabling the Asynchronous Request-Response and Web Service Atomic Transactions applications entirely. This can have other implications, but at the very least it would be wise to control access to these applications via firewall or network policy. Oracle is fixing these vulnerabilities by blacklisting specific classes, which leaves WebLogic open to similar flaws being discovered in the future.

Protecting these applications by means other than patching would be a good practice, as it would decrease the need for emergency patching should other flaws surface. Being diligent about applying Oracle’s quarterly updates to WebLogic should be considered a best practice. Oracle releases updates on the Tuesday closest to the 17th of January, April, July, and October.

Detection

To detect this vulnerability, scan your servers, especially public-facing servers, using Tenable Plugin IDs 124338 and 124337, or Qualys QID 87386.

If you are a Vulnerability Management customer with deepwatch, your vulnerability management SME will tell you which assets in your environment are considered vulnerable.
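The mitigation section above recommends restricting access to the Asynchronous Request-Response and Web Service Atomic Transactions applications, and the detection section covers scanner coverage. As an added example (not part of the original report or any deepwatch tooling), the script below reviews web access logs for requests that reach those two applications, so a defender can verify that network policy is actually blocking them. It assumes the applications are deployed at their default context roots, /_async/ and /wls-wsat/, which should be confirmed against your own deployment; the log lines are constructed samples, not real traffic.

```python
import re
from typing import Dict, List, Optional

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jun/2019:10:01:12 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Jun/2019:10:02:45 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1207 "-" "python-requests/2.22.0"
203.0.113.9 - - [20/Jun/2019:10:03:01 +0000] "POST /_async/AsyncResponseService HTTP/1.1" 202 0 "-" "curl/7.64.0"
10.0.0.8 - - [20/Jun/2019:10:04:30 +0000] "GET /wls-wsat/ HTTP/1.1" 404 312 "-" "Mozilla/5.0"
"""

# Assumed default context roots of the Web Service Atomic Transactions and
# Asynchronous Request-Response applications; confirm against your deployment.
WATCHED_PREFIXES = ("/wls-wsat/", "/_async/")

# Combined log format: client, identity, user, [timestamp], "METHOD PATH PROTO", status, size, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_suspect_requests(log_text: str) -> List[Dict[str, str]]:
    """Return every request whose path falls under one of the watched context roots.

    The deserialization bug is triggered by the request body, so POSTs are rated
    'high'. Other methods are still reported as 'recon': if network policy is
    meant to block these applications, any request reaching them is a gap worth
    investigating.
    """
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].startswith(WATCHED_PREFIXES):
            rec["severity"] = "high" if rec["method"] == "POST" else "recon"
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(f'{hit["severity"]:5} {hit["src"]:15} {hit["method"]} {hit["path"]} -> {hit["status"]}')
```

Run it against an exported WebLogic or reverse-proxy access log; any hit from outside the expected source ranges means the firewall or network policy is not restricting the applications as intended.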

Managing Risk

All organizations should apply the patch as soon as possible, because this vulnerability is currently being exploited in the wild.

Contributors

Jen O’Neil, Vulnerability Management SME
Dave Farquhar, Vulnerability Management SME

Supporting Information

  • https://www.helpnetsecurity.com/2019/06/19/cve-2019-2729/
  • https://www.zdnet.com/article/oracle-patches-another-actively-exploited-weblogic-zero-day/
  • https://arstechnica.com/information-technology/2019/06/oracle-issues-emergency-update-to-patch-actively-exploited-weblogic-flaw/