Thursday, 12 November 2015

Oracle Warns Of Zero-Day Vulnerability In WebLogic Server

Software company Oracle has a warning issued to a zero-day vulnerability in Oracle WebLogic Server and the Apache Commons Library, which can take over a vulnerable attacker WebLogic Servers and a security update is not yet available.

The problem is caused by a vulnerability in the Apache Commons Library. This is a project of the Apache Software Foundation provides a number of commonly used Java components. Several products from Oracle and other software vendors and open source software projects, making this library use. Internet is now published detailed information about the vulnerability and how to use.

Besides Oracle WebLogic Server is the additional problem with the WebSphere Application Server, JBoss Application Server, Jenkins and OpenNMS. In the case of WebLogic Server is the vulnerability to attack from a distance and does not require authentication. In case the attack is successful, the attacker could execute arbitrary code in Oracle WebLogic Server. In anticipation of an emergency patch, Oracle temporarily advice put online and advises customers to update, once available, as fast to install as possible.

No comments:

Post a Comment