Oracle rushes emergency fix for critical WebLogic
By MYBRANDBOOK
Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server.
The original patch was released as part of the company's October 2020 security updates as a fix for the vulnerability tracked as CVE-2020-14882, while the new patch is tracked as CVE-2020-14750.
CVE-2020-14882, if exploited, can allow an attacker to execute malicious code on one of Oracle's WebLogic servers with elevated privileges before its authentication kicks in.
The vulnerability can be easily exploited by sending a booby-trapped HTTP GET request to the management console of a WebLogic server.
Once Oracle released a patch for the vulnerability, proof-of-concept (PoC) exploit code was made public and cybercriminals have already started using it to launch attacks against vulnerable servers.
In fact, the SANS Internet Storm Center (ISC) reported that attackers had already launched attacks against its WebLogic honeypots.
“Oracle tried to fix the path traversal bug in the WebLogic console (CVE-14882) by introducing a patch that blacklisted path traversal. They had good reason to do it in a hurry (attacks already in the wild). In Oracle's rush to fix it, they made a pretty simple error: attackers could avoid the new path traversal blacklist (and thus bypass the patch) by ... wait for it... changing the case of a character in their request,” said Brett Winterford, Editor at Risky.Biz, in a tweet.
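The class of mistake described in the quote, as an added example (not Oracle's code and not part of the original article): a case-sensitive denylist misses the same traversal sequence once a hex digit changes case, while decoding the path to a canonical form before checking catches every spelling. The denylist entries, function names and request paths are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed denylist of exact, case-sensitive strings (an assumption,
# NOT the contents of Oracle's patch).
NAIVE_DENYLIST = ("..", "%2E%2E", "%252E%252E")

def naive_is_blocked(raw_path: str) -> bool:
    """Flawed check: case-sensitive substring match on the raw path."""
    return any(token in raw_path for token in NAIVE_DENYLIST)

def canonicalize(raw_path: str, max_rounds: int = 5) -> str:
    """Percent-decode until the path stops changing (covers double encoding)."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    raise ValueError("path keeps changing after repeated decoding")

def hardened_is_blocked(raw_path: str) -> bool:
    """Decode first, then reject any path containing a '..' segment."""
    try:
        path = canonicalize(raw_path)
    except ValueError:
        return True  # fail closed on pathological encodings
    return ".." in path.replace("\\", "/").split("/")

# Constructed request paths for illustration.
SAMPLES = [
    "/app/static/theme.css",             # benign
    "/app/static/%2E%2E/admin",          # encoded traversal, upper-case hex
    "/app/static/%2e%2e/admin",          # same bytes, lower-case hex
    "/app/static/%252e%252e/admin",      # double-encoded, lower-case hex
    "/app/static/v1..2/notes.txt",       # benign name that contains '..'
]

def compare(paths):
    """Map each path to (naive verdict, hardened verdict)."""
    return {p: (naive_is_blocked(p), hardened_is_blocked(p)) for p in paths}

if __name__ == "__main__":
    for path, (naive, hardened) in compare(SAMPLES).items():
        print(f"{path:34} naive={naive!s:5} hardened={hardened}")
```

The last sample shows the opposite failure of string matching: the denylist rejects a harmless file name, while the segment check on the canonical path accepts it.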