On October 29th, Detectify released a security test to detect a critical Oracle WebLogic Server RCE, CVE-2020-14882. In November, Oracle released an out-of-band security patch to fix a related RCE in Oracle Fusion Middleware. Both vulnerabilities are currently being exploited by multiple botnets in the wild. Detectify scans your application for both of them and will alert you if you are running a vulnerable version of Oracle WebLogic Server.
What can happen if I’m vulnerable?
The issue involves two remote code execution vulnerabilities (CVE-2020-14882, CVE-2020-14750) that allow attackers to execute arbitrary commands on unpatched Oracle WebLogic servers, enabling malicious actors to download files, log keystrokes, steal sensitive data, move laterally across a network, and even recruit compromised machines into a botnet and deploy crypto miners. The vulnerabilities can be exploited by sending a single request to the server, which is why they have been assigned high severity scores.
Who is affected by this vulnerability?
Unpatched Oracle WebLogic servers and enterprise Java applications running on the platform.
What should I do if I see this finding in my Detectify report?
Immediately install the October 2020 Critical Patch Update and the related November 2020 out-of-band patch from Oracle. The original vulnerability, tracked as CVE-2020-14882, has a CVSS rating of 9.8 out of 10 (maximum) and affects Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.
How does Detectify check for this?
Shortly after the announcement from Oracle in October, Detectify received a working proof of concept for CVE-2020-14882 from Detectify Crowdsource ethical hackers. The security research team verified the exploit-capable payload and released a module within 15 minutes on October 29th. Detectify also released a module for CVE-2020-14750 before November 13th.
Detectify is a continuous web scanner and monitoring service that can be set up for automated scanning for 2000+ known vulnerabilities including the OWASP Top 10 and Oracle WebLogic vulnerabilities. Start your free 2-week trial today and check for the latest vulnerabilities!