Oracle has released an emergency patch to address a vulnerability in its WebLogic servers after an earlier patch turned out to be easily bypassed by an attacker.
The original patch was released as part of the company's October 2020 security updates as a fix for a vulnerability tracked as CVE-2020-14882, while the new patch, tracked as CVE-2020-14750, provides additional fixes.
If exploited, CVE-2020-14882 can allow an attacker to execute malicious code on one of Oracle's WebLogic servers with elevated privileges before its authentication kicks in. Unfortunately, this vulnerability can be easily exploited by sending a booby-trapped HTTP GET request to the administration console of a WebLogic server.
Once Oracle released a patch for the vulnerability, proof-of-concept (PoC) exploit code was made public, and cybercriminals have already started using it to launch attacks against vulnerable servers. In fact, the SANS Internet Storm Center (ISC) reported that attackers had already launched attacks against its WebLogic honeypots.
Patching a bad patch
Brett Winterford, editor at Risky.Biz, provided further insight into what went wrong with Oracle's initial patch in a tweet, saying:
“Oracle tried to fix the path traversal bug in the WebLogic console (CVE-14882) by introducing a patch that blacklisted path traversal. They had good reason to do it in a hurry (attacks already in the wild). In Oracle’s rush to fix it, they made a pretty simple error: attackers could avoid the new path traversal blacklist (and thus bypass the patch) by … wait for it… changing the case of a character in their request.”
This means that the original patch for CVE-2020-14882 could be bypassed by an attacker simply by changing the case of a single character in the PoC exploit. Once WebLogic servers began being attacked in the wild, Oracle issued a second set of patches to address the vulnerability once and for all.
Organizations running WebLogic servers should install the second patch to protect their systems from both the original vulnerability and its bypass.
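The failure mode described above, a string blacklist that is defeated by a change of case or an extra layer of encoding, is generic to any request filter that compares raw text. The following Python is an added illustration, not Oracle's patch code or the actual WebLogic request format: it puts a naive case-sensitive blacklist beside a check that percent-decodes, lowercases and canonicalizes the path before deciding, and runs the hardened check over a few constructed access-log lines so a defender can see which requests slip past the naive filter. The `/app/static/` prefix, the paths and the log lines are all constructed for this example.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical unauthenticated route prefix; everything served from here is
# meant to be public, anything that escapes it is not.
PUBLIC_PREFIX = "/app/static/"

# Naive blacklist in the style the page describes: a fixed list of traversal
# spellings compared against the raw request path, case-sensitively.
TRAVERSAL_TOKENS = ("..", "%2e%2e", "%2e.", ".%2e")


def naive_blacklist_allows(raw_path: str) -> bool:
    """Reject only if one of the listed spellings appears verbatim."""
    return not any(token in raw_path for token in TRAVERSAL_TOKENS)


def canonicalize(raw_path: str) -> str:
    """Decode repeatedly (to unwind double-encoding), lowercase so that
    %2E and %2e are treated alike, then collapse '.' and '..' segments."""
    decoded = raw_path
    for _ in range(3):  # bounded: stop once decoding no longer changes anything
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.lower()
    return posixpath.normpath("/" + decoded.lstrip("/"))


def hardened_allows(raw_path: str, prefix: str = PUBLIC_PREFIX) -> bool:
    """Allow-list: the canonical path must still sit under the public prefix."""
    return canonicalize(raw_path).startswith(prefix)


# Constructed combined-format log lines; the 10.0.0.9 requests carry encoded
# traversal that the naive filter does not recognise.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Oct/2020:10:01:02 +0000] "GET /app/static/logo.png HTTP/1.1" 200 512
10.0.0.9 - - [29/Oct/2020:10:01:07 +0000] "GET /app/static/%2E%2E/admin/config HTTP/1.1" 200 2048
10.0.0.9 - - [29/Oct/2020:10:01:09 +0000] "GET /app/static/%252e%252e/admin/config HTTP/1.1" 200 2048
10.0.0.7 - - [29/Oct/2020:10:02:00 +0000] "GET /app/static/css/site.css HTTP/1.1" 200 310
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def scan_access_log(log_text: str, prefix: str = PUBLIC_PREFIX) -> list:
    """Return (client, raw_path, canonical_path) for requests that start
    under the public prefix as written but escape it once canonicalized."""
    flagged = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        raw_path = match.group(1)
        if raw_path.startswith(prefix) and not hardened_allows(raw_path, prefix):
            flagged.append((line.split()[0], raw_path, canonicalize(raw_path)))
    return flagged


if __name__ == "__main__":
    for client, raw, canon in scan_access_log(SAMPLE_LOG):
        verdict = "allowed" if naive_blacklist_allows(raw) else "blocked"
        print(f"{client} {raw} -> {canon} (naive blacklist: {verdict})")
```

The point of the comparison is that the naive filter asks "does the request contain a bad string?", so every new spelling of the same traversal needs a new blacklist entry, whereas the hardened check asks "where does this request actually resolve to?" and only then applies an allow-list; the log scanner is the same canonicalization applied retrospectively to spot requests that a weak filter let through.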