{"id":11311,"date":"2018-05-22T10:16:34","date_gmt":"2018-05-22T14:16:34","guid":{"rendered":"https:\/\/pitss.org\/us\/?p=11311"},"modified":"2018-07-26T10:36:41","modified_gmt":"2018-07-26T14:36:41","slug":"preventing-oracle-weblogic-server-vulnerability","status":"publish","type":"post","link":"https:\/\/pitss.org\/us\/2018\/05\/22\/preventing-oracle-weblogic-server-vulnerability\/","title":{"rendered":"Preventing Oracle WebLogic Server Vulnerability"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”3.2.2″ custom_padding=”0px||0px||true”][et_pb_row custom_padding=”0px|||” _builder_version=”3.2.2″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.2.2″ parallax=”off” parallax_method=”on”][et_pb_text _builder_version=”3.2.2″]<\/p>\n

How to Prevent Oracle WebLogic Server Vulnerability<\/h1>\n

[\/et_pb_text][et_pb_team_member name=”by Stephen la Rocca” position=”Business Development, PITSS GmbH” image_url=”https:\/\/pitss.org\/de\/wp-content\/uploads\/sites\/9\/2017\/10\/stephan_2.jpg” _builder_version=”3.2.2″ header_font=”||||||||” header_text_align=”left” header_text_color=”#333333″ header_font_size=”22px” body_font=”||||||||” body_text_color=”#888888″ background_color=”#e7e6e6″ border_radii=”on|5px|5px|5px|5px” border_radii_image=”on|100%|100%|100%|100%” custom_margin=”||30px|” custom_padding=”20px|20px|20px|20px|true|true” custom_css_member_image=”width: 100px; margin-right: 20px; ” custom_css_title=”margin-top: 18px; ” custom_css_member_position=”padding: 0;” custom_css_member_social_links=”display: none;”]
\n[\/et_pb_team_member][et_pb_text _builder_version=”3.2.2″ custom_margin=”40px||40px||true”]<\/p>\n

The US IT security company Greynoise<\/strong><\/a> is currently reporting heavily increased scanning activity for vulnerable WebLogic servers.<\/p>\n

Although there are already updates available for these which apparently can already be bypassed by the attackers, the updates do not solve the crux of the problem. Particularly critical seems to be the vulnerability with the identifier CVE-2018-2628.<\/p>\n

[\/et_pb_text][et_pb_code _builder_version=”3.2.2″]<blockquote class=”twitter-tweet” data-lang=”en”><p lang=”en” dir=”ltr”>GreyNoise has observed a large spike in devices scanning the Internet for TCP port 7001 beginning last week on 4\/16\/18. This activity corresponds directly with the disclosure (4\/18\/2018) and weaponization (4\/18\/18) of Oracle WebLogic CVE-2018-2628. Ref: <a href=”https:\/\/t.co\/3qdeQSF59T”>https:\/\/t.co\/3qdeQSF59T<\/a><\/p>\u2014 GreyNoise Intelligence (@GreyNoiseIO) <a href=”https:\/\/twitter.com\/GreyNoiseIO\/status\/988685136035307520?ref_src=twsrc%5Etfw”>April 24, 2018<\/a><\/blockquote><!– [et_pb_line_break_holder] –><script async src=”https:\/\/platform.twitter.com\/widgets.js” charset=”utf-8″><\/script><!– [et_pb_line_break_holder] –><style type=”text\/css”><!– [et_pb_line_break_holder] –>.entry-content .twitter-tweet-rendered {<!– [et_pb_line_break_holder] –> max-width: 100% !important;<!– [et_pb_line_break_holder] –>}<!– [et_pb_line_break_holder] –><\/style>[\/et_pb_code][et_pb_text _builder_version=”3.2.2″ custom_margin=”40px||40px||true”]<\/p>\n

Close the vulnerability and block TCP port 7001<\/strong><\/h3>\n

If you use Oracle WebLogic Server, you should definitely take action. On one hand, the latest version must be installed as soon as possible. That alone does not seem to be enough.<\/p>\n

Security researcher Kevin Beaumant<\/a><\/strong> warns that the most recent patch did not close the actual vulnerability, but merely blacklisted certain commands. Therefore, it is important to additionally block TCP port 7001 in order to avoid external access.<\/p>\n

[\/et_pb_text][et_pb_code _builder_version=”3.2.2″]<blockquote class=”twitter-tweet” data-lang=”en”><p lang=”en” dir=”ltr”>Oh dear. There\u2019s a zero day in Oracle WebLogic because the April patch didn\u2019t fix the issue properly. Mitigation: make sure port 7001 TCP is blocked inbound to your Fusion stack boxes. <a href=”https:\/\/t.co\/EqjqMwzXNp”>https:\/\/t.co\/EqjqMwzXNp<\/a><\/p>\u2014 Kevin Beaumont (@GossiTheDog) <a href=”https:\/\/twitter.com\/GossiTheDog\/status\/990621460476649472?ref_src=twsrc%5Etfw”>April 29, 2018<\/a><\/blockquote><!– [et_pb_line_break_holder] –><script async src=”https:\/\/platform.twitter.com\/widgets.js” charset=”utf-8″><\/script><!– [et_pb_line_break_holder] –><style type=”text\/css”><!– [et_pb_line_break_holder] –>.entry-content .twitter-tweet-rendered {<!– [et_pb_line_break_holder] –> max-width: 100% !important;<!– [et_pb_line_break_holder] –>}<!– [et_pb_line_break_holder] –><\/style>[\/et_pb_code][et_pb_divider color=”#e7e6e6″ divider_position=”center” divider_weight=”0px” height=”5px” _builder_version=”3.2.2″ custom_margin=”50px||50px||true” custom_css_main_element=”border-radius: 10px; background: #e7e6e6;”][\/et_pb_divider][et_pb_text _builder_version=”3.2.2″]<\/p>\n

If you\u2019re looking for help updating, modernizing, and securing your vulnerable WebLogic server, contact PITSS today.<\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

How to Prevent Oracle WebLogic Server Vulnerability The US IT security company Greynoise is currently reporting heavily increased scanning activity for vulnerable WebLogic servers. Although there are already updates available for these which apparently can already be bypassed by the attackers, the updates do not solve the crux of the problem. Particularly critical seems to […]<\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[71],"tags":[],"class_list":["post-11311","post","type-post","status-publish","format-standard","hentry","category-weblogic-software"],"_links":{"self":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/11311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/comments?post=11311"}],"version-history":[{"count":9,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/11311\/revisions"}],"predecessor-version":[{"id":11790,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/11311\/revisions\/11790"}],"wp:attachment":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/media?parent=11311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/categories?post=11311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/tags?post=11311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}