
Oracle WebLogic RCE Vulnerability


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

A vulnerability in Oracle's WebLogic web server could allow an unauthenticated attacker to execute arbitrary code within the affected application.

Threat details

Oracle released a patch to rectify this vulnerability in April 2018; however, it appears this has not fully fixed it. Instead of addressing the underlying issue causing the vulnerability, Oracle are blacklisting the command used to exploit it. However, several security researchers have provided details of numerous other commands which can be used in place of the original command.

Threat updates

Date: 14 May 2018

Update: Security vendors have observed a large increase in traffic to TCP port 7001 (the default port used by WebLogic). This indicates a high likelihood that attackers are scanning for and exploiting vulnerable WebLogic installations.


Remediation steps

  • Oracle have indicated a comprehensive patch is being produced to rectify this vulnerability. Users are encouraged to update their affected systems as soon as this becomes available.
  • Block inbound connections to TCP port 7001.
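
One way to check the port 7001 block above against firewall logs, as an added example that is not part of the original alert: it lists internal hosts that still accepted an external connection on the port and external sources that tried several hosts. The log layout, the 10.0.0.0/8 internal range, the sweep threshold and the function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

WEBLOGIC_PORT = 7001  # default WebLogic port named in the alert
# Assumption: internal address space; adjust to your own network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: key=value firewall log layout, constructed for this example.
LINE_RE = re.compile(r"^\S+ (?P<action>ACCEPT|DROP) TCP "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

SAMPLE_LOG = """\
2018-05-14T10:00:01Z DROP TCP src=203.0.113.5 dst=10.0.0.12 dport=7001
2018-05-14T10:00:02Z DROP TCP src=203.0.113.5 dst=10.0.0.13 dport=7001
2018-05-14T10:00:03Z ACCEPT TCP src=203.0.113.5 dst=10.0.0.14 dport=7001
2018-05-14T10:00:04Z ACCEPT TCP src=10.0.1.20 dst=10.0.0.14 dport=7001
2018-05-14T10:00:05Z ACCEPT TCP src=198.51.100.9 dst=10.0.0.12 dport=443
malformed line that the parser must skip
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def review_port_7001(log_text, sweep_threshold=3):
    """Return (exposed, sweepers) for external-to-internal traffic on 7001.
    exposed: internal hosts that ACCEPTED such a connection (rule gap).
    sweepers: external sources that tried >= sweep_threshold internal hosts."""
    exposed, targets = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != WEBLOGIC_PORT:
            continue
        try:
            inbound = not is_internal(m["src"]) and is_internal(m["dst"])
        except ValueError:
            continue  # skip records with unparsable addresses
        if inbound:
            targets[m["src"]].add(m["dst"])
            if m["action"] == "ACCEPT":
                exposed.add(m["dst"])
    sweepers = sorted(s for s, d in targets.items() if len(d) >= sweep_threshold)
    return sorted(exposed), sweepers

print(review_port_7001(SAMPLE_LOG))
```

Any host in the first list is one the blocking rule does not yet cover; internal-to-internal traffic on the port is deliberately ignored.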


CVE Vulnerabilities

Last edited: 17 February 2020 12:51 pm