Information security specialists from Qihoo 360 Netlab reported that cybercriminals are attacking Oracle WebLogic servers. The attacks target systems that have not installed the recently released patch for the critical vulnerability CVE-2018-2893.
CVE-2018-2893 is a flaw in the Oracle WebLogic software component that allows an attacker to take control of a server and execute arbitrary code, without needing to know the device's password.
On July 18, 2018, Oracle published an update that addresses a number of vulnerabilities. Three days later, several proof-of-concept (PoC) exploits appeared online, two of which are still available on the Internet. Once word of the exploits spread, the first attacks began on July 21.
Experts believe that at least two groups of attackers are involved and that they may have automated their exploitation of the vulnerability for their own purposes.
The vulnerability was found in Oracle WebLogic versions 10.3.6.0, 220.127.116.11, 18.104.22.168 and 22.214.171.124. The company's employees recommend that server owners promptly install the update released in July 2018, which closes security holes in Java SE, VirtualBox, MySQL and other tools.