[SingCERT] Alert on Vulnerability in Oracle WebLogic Server (CVE-2018-2893)

Published on Friday, 27 July 2018 11:04

Background

Oracle WebLogic Server (WLS) is a Java Enterprise Edition Application server by Oracle Corporation.

Oracle announced a critical patch update to address a Vulnerability (CVE-2018-2893) found in its WebLogic Server after researchers reported the flaw.  This flaw affects the product’s WLS Core Components subcomponent.

This vulnerability (CVE-2018-2893) has a Common Vulnerability Score System (CVSS) severity base score of 9.8 out of the maximum 10.

Affected Products

The following versions of Oracle WLS are affected:

• 10.3.6.0

• 12.1.3.0

• 12.2.1.2

• 12.2.1.3

Impact

An unauthenticated attacker with network access via T3* transport protocol using port 7100 could easily exploit this vulnerability to compromise unpatched core components of the Oracle WLS. A successful exploit allows the attacker to execute arbitrary commands remotely to gain elevated privileges, resulting in a takeover of the Oracle WLS.

*T3 is Oracle's proprietary protocol.

Recommendations

•Server owners are advised to apply the Critical Patch Update issued by Oracle in July 2018, especially patches for CVE-2018-2893.

•Server owners who have not applied the patch update may want to block external access to port 7100 on their routers.

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

https://www.securityweek.com/recently-patched-oracle-weblogic-flaw-exploited-wild