Oracle WebLogic Vulnerability Targeted One Week After Patching

A vulnerability patched one week ago by Oracle in its WebLogic Server product has already been targeted for exploitation.

The security hole, tracked as CVE-2020-14882 and classified as critical, was patched by Oracle with its October 2020 Critical Patch Update (CPU). The vulnerability can be exploited remotely and without authentication, allowing an attacker to execute arbitrary code.

The issue was reported to Oracle by a researcher at China-based Chaitin Security Research Lab. On Wednesday, a Vietnamese researcher named Jang published a blog post detailing CVE-2020-14882 (written in Vietnamese) and he showed how easily it can be exploited by sending a specially crafted request to the targeted server.

[embedded content]

The SANS Technology Institute reported on Thursday that its honeypots have recorded attempts to exploit this WebLogic vulnerability. Johannes B. Ullrich, dean of research at SANS, said the exploitation attempts appeared to be based on the PoC made public by the Vietnamese researcher.

Ullrich said the attacks that hit SANS honeypots only checked if the system was vulnerable, but others reported seeing exploitation attempts that involved downloading an executable file from a remote server and running it.

The attacks seen by SANS came from four IP addresses assigned to organizations in China, the US and Moldova.

“At this point, we are seeing the scans slow down a bit. But they have reached ‘saturation’ meaning that a ..