12 matches found
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware...
The Bug Report - June 2024 Edition
The Bug Report - June 2024 Edition By Jonathan Omakun & Tobi Olawale · June 27, 2024 Why am I Here Welcome back to The Bug Report, the "so hot the server fans are sweating" edition! For those who are new to our monthly adventure, every month, our dedicated Advanced Research Center vulnerability...
Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE-2017-3506 CVSS score: 7.4, the issue concerns an operati...
Decoding Water Sigbin's Latest Obfuscation Tricks
Water Sigbin aka the 8220 Gang exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against...
8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency
The notorious cryptojacking group tracked as 8220 Gang has been spotted weaponizing a six-year-old security flaw in Oracle WebLogic servers to ensnare vulnerable instances into a botnet and distribute cryptocurrency mining malware. The flaw in question is CVE-2017-3506 CVSS score: 7.4, which, whe...
MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-3506]
Summary Hello. I was able to identify RCE vulnerability due to the outdated Oracle Weblogic instance on https://raebilling.mtn.co.za. Steps To Reproduce To reproduce, try this request with BurpSuite This request to the https://raebilling.mtn.co.za/wls-wsat/RegistrationRequesterPortType will trigg...
Exploit for Injection in Oracle Agile_Plm
CVE-2019-2725 WebLogic Universal Exploit - CVE-2017-3506 / CVE...
CVE-2017-3506
creationtimestamp| type| source ---|---|--- 2018-09-19 17:29:15+00:00| seen| MISP/5ba281fe-cc88-4bf3-a9ef-3c290a021402 2019-06-20 12:20:36+00:00| seen| https://t.me/Pen7esting/216 2020-10-09 16:07:00+00:00| seen| MISP/fab9047e-3eb6-4d8e-a967-65c02cd3e253 2023-05-18 12:43:27+00:00| exploited|...
Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271; CVE-2017-3506)
A remote code execution vulnerability exists within Oracle WebLogic WLS. This is due to the way Oracle WebLogic handles xml decodes. A successful attack could lead to a remote code execution...
CVE-2017-3506
CVE-2017-3506 is a remote code execution vulnerability in Oracle WebLogic Server (WLS) via the wls-wsat XMLDecoder path. Affected versions include 10.3.6.0, 12.1.3.0, 12.2.1.0/1/2. The root cause is unsafe deserialization of XML data through XMLDecoder, which can allow an unauthenticated attacker...
Oracle WebLogic Server Multiple Vulnerabilities (cpuapr2017)
Oracle WebLogic Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:bea:weblogicserver";...