"CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability"
Due to the recent exploitation of an old Oracle WebLogic flaw by China-based hackers to deploy cryptocurrency miners, the US Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog. The Oracle WebLogic Server vulnerability enables unauthenticated attackers to access or modify critical data and execute OS commands. Attackers can perform Remote Code Execution via specially crafted HTTP requests. This article continues to discuss the CISA's addition of an old Oracle WebLogic flaw, tracked as CVE-2017-3506, to its KEV catalog.
SecurityWeek reports "CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability"
Submitted by grigby1
Submitted by grigby1 CPVI
on