Published on Friday, 27 July 2018 11:04Background
Oracle WebLogic Server (WLS) is a Java Enterprise Edition Application server by Oracle Corporation.
Oracle announced a critical patch update to address a Vulnerability (CVE-2018-2893) found in its WebLogic Server after researchers reported the flaw. This flaw affects the product’s WLS Core Components subcomponent.
This vulnerability (CVE-2018-2893) has a Common Vulnerability Score System (CVSS) severity base score of 9.8 out of the maximum 10.
The following versions of Oracle WLS are affected:
An unauthenticated attacker with network access via T3* transport protocol using port 7100 could easily exploit this vulnerability to compromise unpatched core components of the Oracle WLS. A successful exploit allows the attacker to execute arbitrary commands remotely to gain elevated privileges, resulting in a takeover of the Oracle WLS.
*T3 is Oracle's proprietary protocol.
•Server owners are advised to apply the Critical Patch Update issued by Oracle in July 2018, especially patches for CVE-2018-2893.
•Server owners who have not applied the patch update may want to block external access to port 7100 on their routers.