Oracle Vulnerability

Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2024-21216)

November 8, 2024

Overview

Recently, NSFOCUS CERT detected that Oracle issued a security announcement and fixed a deserialization vulnerability in WebLogic Server (CVE-2024-21216). Because WebLogic does not strictly filter data arriving over the T3/IIOP protocol, when the T3/IIOP protocol is enabled, an unauthenticated remote attacker sends a special request to the server through the T3/IIOP protocol to execute […]

Oracle Products Key Patches Update Notice for July 2023

July 19, 2023

Overview

On July 19, NSFOCUS CERT found that Oracle officially released the Critical Patch Update in July with 508 vulnerabilities included. This security update involved Oracle WebLogic Server, Oracle MySQL, Oracle Financial Services Applications, Oracle Enterprise Manager, Oracle Retail Applications and other commonly used products. Oracle strongly recommends its customers apply critical patches to update […]

Critical Patch Update Notice for All Oracle Products in April 2022

April 21, 2022

Overview

On April 20, 2022, NSFOCUS CERT monitoring found that Oracle officially released the April Critical Patch Update (CPU) announcement. A total of 520 vulnerabilities of varying degrees were fixed. This security update involves Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle Fusion Middleware, Oracle Retail Applications and many other common […]

Oracle July 2021 Critical Patch Update for All Product Families

August 2, 2021

Overview

On July 21, 2021, NSFOCUS detected that Oracle released the July 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends that users fix these […]

Oracle January 2021 Critical Patch Update for All Product Families

January 24, 2021

Overview

On January 20, 2021, NSFOCUS detected that Oracle released the January 2021 Critical Patch Update (CPU), which fixed 329 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle WebLogic Server, Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, Oracle Enterprise Manager, and Oracle Systems. Oracle strongly recommends users fix these vulnerabilities by applying Critical Patch Update patches as soon as possible.

Oracle October 2020 Critical Patch Update for All Product Families Threat Alert

October 31, 2020

Overview

On October 20, 2020, local time, Oracle released Critical Patch Update (CPU) for October 2020, its own security advisories, and third-party security bulletins, which fix 402 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix.

For complete information, see Oracle’s official security advisory from the following link:

https://www.oracle.com/security-alerts/cpuoct2020.html

Oracle July 2020 Critical Patch Update for All Product Families Threat Alert

July 31, 2020

Overview

On July 14, 2020 local time, Oracle released its July 2020 Critical Patch Update (CPU), its own security advisories, and third-party security bulletins, which fix 443 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix.

Oracle October 2019 Critical Patch Update for All Product Families Threat Alert

October 21, 2019

Overview

On October 15, 2019, local time, Oracle released its own security advisory and third-party security advisories for its October 2019 Critical Patch Update (CPU) which fixes 240 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the appendix.

Oracle WebLogic Remote Code Execution Vulnerability (CVE-2019-2725) Patch Bypass Threat Alert

June 18, 2019

Overview

Recently, the NSFOCUS security team found that an Oracle WebLogic vulnerability is being exploited in the wild. Its attack signature is similar to that of the CVE-2019-2725 vulnerability. The attack can bypass the latest security patch released by Oracle in April. This vulnerability exists because no proper sanitization is performed when deserialized information is handled. By sending a crafted malicious HTTP request, attackers could exploit this vulnerability to gain server privileges and remotely execute arbitrary code in an unauthorized manner.

Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability Threat Alert

May 3, 2019

1 Vulnerability Overview

On April 17, China National Vulnerability Database (CNVD) published details of a remote code execution vulnerability in Oracle WebLogic Server. Specifically, this vulnerability exists in the wls9_async_response.war component that comes with Oracle WebLogic Server as this component fails to properly deserialize the input information. An unauthorized attacker could exploit this vulnerability to gain server privileges for remote code execution by sending a carefully crafted malicious HTTP request.
