Hackers are on the hunt for Oracle WebLogic servers vulnerable to CVE-2020-14882


Hackers are actively scanning the internet for Oracle WebLogic instances not yet patched for the CVE-2020-14882 vulnerability, which allows unauthenticated attackers to take over the system by sending a simple HTTP GET request.


The flaw has been assigned a CVSS score of 9.8 and affects Oracle WebLogic versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Oracle patched this vulnerability as part of the Critical Patch Update released this month.


The warning comes from researchers at the SANS Technology Institute who detected attacks exploiting CVE-2020-14882 against their honeypots shortly after the proof-of-concept code for CVE-2020-14882 was made publicly available.


According to Johannes Ullrich, Dean of Research at SANS, the exploit attempts on the honeypots came from the following IP addresses:



  • 114.243.211.182 - assigned to China Unicom
  • 139.162.33.228 - assigned to Linode (U.S.A.)
  • 185.225.19.240 - assigned to MivoCloud (Moldova)
  • 84.17.37.239 - assigned to DataCamp Ltd (Hong Kong)

Ullrich said that the exploit attempts on the honeypots only probe the systems to determine if they are vulnerable.

Spyse engine search results for Oracle WebLogic servers showed that there are more than 3,000 Oracle WebLogic servers reachable over the public internet and potentially vulnerable to CVE-2020-14882.


