Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Flaw (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the wild. The vulnerability, tracked as CVE-2019-2729, allows an attacker to run malicious code on the WebLogic server without any need for authentication. That capability earned the vulnerability a Common Vulnerability Scoring System score of 9.8 out of 10. The vulnerability is a deserialization attack targeting two Web applications that WebLogic appears to expose to the Internet by default -- wls9_async_response and wls-wsat.war. The flaw in Oracle's WebLogic Java application servers came to light as a zero-day four days ago when it was reported by security firm KnownSec404.
Re: (Score:2)
Re: Weblogic law? (Score:2)
I fought the Weblogic law and the Oracle law won..
FLAW not LAW (Score:4, Informative)
"Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Law"
"FLAW" not "LAW".
Editors needed, apply within.
Re: (Score:2)
"flaw" is flawed. What an irony.
Re: (Score:1)
What did you expect from BlowHD?
Re: (Score:2)
Would be much more interesting if an actual law was being exploited though.
It's better that way. Mathematically. (Score:2)
Here comes the Judge (Score:1)
Oracle has broken the Law.
updates are not free with them! (Score:2)
updates are not free with them!
Uncle Larry hard at work patching his yachts (Score:3)
Normally Oracle releases updates to patch hundreds of vulnerabilities at once, which get queued up for three months at a time, giving attackers plenty of time to hone their script kiddy skillz before the next cycle begins.
I think Oracle should have more "courage" and just wait till the next drop like they always do.
Oh no! (Score:2)
All 7 users of the product are going to be so pissed.
Logic Flaw (Score:2)
Using Oracle's database is the logic flaw to rule them all.