Oracle Patches Another Actively-Exploited WebLogic Zero-Day (Jun 19, 2019)
Oracle has patched a WebLogic Server zero-day vulnerability that was being actively exploited before a fix was available. Identified as CVE-2019-2729, the vulnerability allows a threat actor to run code on a server without authentication. Like the recent WebLogic vulnerability CVE-2019-2725, the bug lies in the deserialization process, in which content received in binary form is converted back into its original object form; a crafted input to that process can be exploited for unauthenticated code execution on vulnerable systems. Threat actors are targeting corporate networks because of the large number of installed WebLogic servers, which enables them to plant cryptomining malware on the vulnerable hosts.
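The bulletin describes the general defect class behind these CVEs: a server reconstructs objects from attacker-supplied bytes and lets the bytes decide which classes are instantiated. The example below is added here to illustrate that class of bug and its standard mitigation; it is not code from the page, from Oracle, or from WebLogic, and it uses plain Java object serialization rather than the specific WebLogic component involved. The `Ping` and `Unexpected` classes and the `DeserializationFilterDemo` name are constructed for the demonstration. The hardened reader applies a JEP 290 allow-list filter (`java.io.ObjectInputFilter`, Java 9 and later) so that any class not explicitly expected is rejected before it is loaded or instantiated.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationFilterDemo {

    // Constructed type: the only object this endpoint is meant to receive.
    static final class Ping implements Serializable {
        private static final long serialVersionUID = 1L;
        final String message;
        Ping(String message) { this.message = message; }
    }

    // Constructed stand-in for any class the endpoint never expects. It is
    // deliberately empty; the point is the filter's decision, not the payload.
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Unsafe pattern: the incoming stream alone decides which class is instantiated.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: an allow-list filter. Only Ping and String may be
    // resolved; "!*" rejects every other class before it is loaded. The
    // maxdepth/maxbytes limits also bound nesting and stream size.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowList = ObjectInputFilter.Config.createFilter(
                "maxdepth=4;maxbytes=4096;"
              + "DeserializationFilterDemo$Ping;java.lang.String;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(allowList);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Ping("hello"));   // constructed legitimate input
        byte[] foreign  = serialize(new Unexpected());    // constructed unexpected input

        // The expected object passes the filter intact.
        Ping p = (Ping) readFiltered(expected);
        System.out.println("filtered Ping ok: " + p.message);

        // Without a filter, the foreign class is instantiated without complaint.
        System.out.println("unfiltered foreign class: "
                + readUnfiltered(foreign).getClass().getName());

        // With the filter, the same bytes are rejected before instantiation.
        try {
            readFiltered(foreign);
            System.out.println("BUG: foreign class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("filtered foreign class rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac DeserializationFilterDemo.java && java DeserializationFilterDemo`. The design choice worth noting is the allow-list direction: a deny-list of known gadget classes has to be updated every time a new one is found, whereas naming the few classes an endpoint legitimately accepts and rejecting everything else closes the whole category, which is why patching promptly and constraining deserialization inputs are complementary rather than alternative controls.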
Recommendation: The security update should be applied as soon as possible, given the high criticality rating of this vulnerability and the potential for an actor to take control of a vulnerable system. It is crucial that your company has a patch-application policy in place to avoid potential malicious activity.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.