Oracle WebLogic Fix can be Bypassed… Hackers to Enumerate upon the Botched Patch

No featured articles available

Check back soon for the latest updates and featured content.

Following a botched patch Oracle published earlier this month on Java Deserialization vulnerability in its WebLogic server, aggressive scanning attempts were observed across the internet for enumerating machines running Oracle WebLogic servers. There was a large spike in devices scanning the Internet for TCP port 7001 beginning last week. This activity corresponds directly with the disclosure and weaponization of Oracle WebLogic CVE-2018-2628

The bug in question, CVE-2018-2628, a critical vulnerability in the WLS core component of WebLogic, a Java EE application server, was known to be fixed in April 2018 CPU (Critical Patch Update). Over the weekend, @pyn3rd (Twitter bio claims to be “Security researcher at Alibaba Cloud), tweeted that the “critical patch update of 2018.4 can be bypassed easily”, along with a proof-of-concept (PoC). #CVE-2018-2628 Weblogic Server Deserialization Remote Command Execution. Unfortunately, the Critical Patch Update of 2018.4 can be bypassed easily. pic.twitter.com/Vji19uv4zj— pyn3rd (@pyn3rd) April 28, 2018How could this be? From @pyn3rd again:there is the difference, just use replace pic.twitter.com/xeH0Ck86G3— pyn3rd (@pyn3rd) April 29, 2018 According to InfoSec Pro Kevin Beaumont, this is because Oracle didn't fix the WebLogic issue at its core, but just blacklisted the commands used for the exploitation chain. In this case, they have missed one or more commands. Till date, the attempts were only for enumerating the volume of WebLogic servers across the web, but an active exploit could allow a remote attacker to completely take over the affected WebLogic Server. Affected Versions

WebLogic Server 10.3.6.0.0

WebLogic Server 12.1.3.0.0

WebLogic Server 12.2.1.1.0

WebLogic Server 12.2.1.2.0

Official Fix:

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

Successful CISO – Is a Business Enabler the Need of the Hour?

Behind the Job Title: Information Security Consultant

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

Oracle WebLogic Fix can be Bypassed… Hackers to Enumerate upon the Botched Patch

Following a botched patch Oracle published earlier this month on Java Deserialization vulnerability in its WebLogic server, aggressive scanning attempts were observed across the internet for enumerating machines running Oracle WebLogic servers.

Share Your Story!

No featured articles available

Following a botched patch Oracle published earlier this month on Java Deserialization vulnerability in its WebLogic server, aggressive scanning attempts were observed across the internet for enumerating machines running Oracle WebLogic servers.

Stay Updated with the Latest Cybersecurity News