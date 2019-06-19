Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security Oracle Privacy

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Law (arstechnica.com) 26

Posted by BeauHD from the out-of-band dept.
An anonymous reader quotes a report from Ars Technica: Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the wild. The vulnerability, tracked as CVE-2019-2729, allows an attacker to run malicious code on the WebLogic server without any need for authentication. That capability earned the vulnerability a Common Vulnerability Scoring System score of 9.8 out of 10. The vulnerability is a deserialization attack targeting two Web applications that WebLogic appears to expose to the Internet by default -- wls9_async_response and wls-wsat.war. The flaw in Oracle's WebLogic Java application servers came to light as a zero-day four days ago when it was reported by security firm KnownSec404.

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Law More | Reply

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Law

Comments Filter:

Slashdot Top Deals

"When the going gets weird, the weird turn pro..." -- Hunter S. Thompson

Close