Intrusion PreventionOracle.WebLogic.Server.wls-wsat.Component.Code.Injection
Description
This indicates an attack attempt to exploit a Code Execution vulnerability in Oracle WebLogic Server.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the wls-wsat component, when handling a maliciously crafted HTTP request. A remote attacker may be able exploit this to execute arbitrary code within the context of the application via a crafted request.
Outbreak Alert
Known exploited vulnerabilities in the Oracle WebLogic Server. The vulnerabilities allows an unauthenticated attacker with network to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data on the Oracle WebLogic Server and attacker may further use it deploy malware such as cryptocurrency miners.
Affected Products
Oracle Weblogic Server 10.3.6 0
Oracle Weblogic Server 12.2.1.2
Oracle Weblogic Server 12.2.1.1
Oracle Weblogic Server 12.1.3.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2019-06-06 | 14.627 |
Modified
|
Severity:critical:high |
| ID | 45334 |
| Created | Dec 29, 2017 |
| Updated | Dec 21, 2020 |
| CVE ID | |
| Tags | Oracle WebLogic Server Vulnerability Threat Signal |
| Risk |
|
| Known Exploited | Yes |
| Exploit Prediction Score | 94.44% |
| Default Action | drop |
| Active | |
| Profile Type | Code Injection |