October 23, 2018
On October 17, Beijing time, Oracle officially released a Critical Patch Update (CPU), which contains a fix for the critical WebLogic remote code execution vulnerability (CVE-2018-3191). This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle WebLogic Server. Successful exploitation of it can result in takeover of Oracle WebLogic Server, hence remote code execution.
October 22, 2018
On October 16, local time (early morning on October 17, Beijing time), Oracle officially released the October (third quarter) Critical Patch Update (CPU), which fixes a July (second quarter) CPU patch. The WebLogic remote code execution vulnerability (CVE-2018-2893) has not been fully fixed. The newly fixed vulnerability is assigned CVE-2018-3245. (more…)