Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Flaw

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Flaw (arstechnica.com) 26

Posted by BeauHD on Wednesday June 19, 2019 @06:10PM from the out-of-band dept.

An anonymous reader quotes a report from Ars Technica: Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the wild. The vulnerability, tracked as CVE-2019-2729, allows an attacker to run malicious code on the WebLogic server without any need for authentication. That capability earned the vulnerability a Common Vulnerability Scoring System score of 9.8 out of 10. The vulnerability is a deserialization attack targeting two Web applications that WebLogic appears to expose to the Internet by default -- wls9_async_response and wls-wsat.war. The flaw in Oracle's WebLogic Java application servers came to light as a zero-day four days ago when it was reported by security firm KnownSec404.

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Flaw

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 26 Comments Log In/Create an Account

Comments Filter:

- Re: (Score:2)
  
  by jfdavis668 ( 1414919 ) writes:
  
  They're gonna take the law into their own hands...
- Re: Weblogic law? (Score:2)
  
  by Eric.pl ( 79488 ) writes:
  
  I fought the Weblogic law and the Oracle law won..
FLAW not LAW (Score:4, Informative)

by JustAnotherOldGuy ( 4145623 ) writes: on Wednesday June 19, 2019 @06:24PM (#58790662) Journal

"Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Law"
"FLAW" not "LAW".
Editors needed, apply within.

- Re: (Score:2)
  
  by Tablizer ( 95088 ) writes:
  
  "flaw" is flawed. What an iromy.
- Re: (Score:1)
  
  by Anonymous Coward writes:
  
  What did you expect from BlowHD?
- Re: (Score:2)
  
  by sad_ ( 7868 ) writes:
  
  would be much more insteresting if an actual law was being exploited though.
- It's better that way. Mathematically. (Score:2)
  
  by sabbede ( 2678435 ) writes:
  
  As everyone knows, one funny mistake in a headline is worth three truths. Even though the error cancels out one truth, we're still ahead by two. A.K.A - Profit!
Here comes the Judge (Score:1)

by Anonymous Coward writes:

Oracle has broken the Law.
updates are not free with them! (Score:2)

by Joe_Dragon ( 2206452 ) writes:

updates are not free with them!
Uncle Larry hard at work patching his yachts (Score:3)

by WaffleMonster ( 969671 ) writes: on Wednesday June 19, 2019 @07:34PM (#58790902)

Normally Oracle releases updates to patch hundreds of vulnerabilities at once who get queued up for three months at a time giving attackers plenty of time to hone their script kiddy skillz before the next cycle begins.
I think Oracle should have more "courage" and just wait till the next drop like they always do.

Oh no! (Score:2)

by Tablizer ( 95088 ) writes:

All 7 users of the product are going to be so pissed.
Logic Flaw (Score:2)

by StormReaver ( 59959 ) writes:

Using Oracle's database is the logic flaw to rule them all.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Flaw (arstechnica.com) 26

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Flaw More Login

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Flaw

Re: (Score:2)

Re: Weblogic law? (Score:2)

FLAW not LAW (Score:4, Informative)

Re: (Score:2)

Re: (Score:1)

Re: (Score:2)

It's better that way. Mathematically. (Score:2)

Here comes the Judge (Score:1)

updates are not free with them! (Score:2)

Uncle Larry hard at work patching his yachts (Score:3)

Oh no! (Score:2)

Logic Flaw (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot