Several security companies have detected scans over the past week that look for Oracle WebLogic servers vulnerable to a flaw that hasn't yet been patched, possibly in preparation for malicious attacks. The vulnerability is a deserialization bug that can lead to remote code execution, but it's located in a specific package called wls9_async_response that's not included by default in all WebLogic server builds. Therefore, attackers are likely running these probes to first identify servers with this component enabled that they can later attack.
The first to report the unpatched — zero-day — vulnerability were researchers from a China-based company called KnownSec. However, their post on Medium remained largely unnoticed until researchers from other companies like F5 Networks and Waratek also issued alerts.