Severity
Medium
Analysis Summary
Oracle WebLogic Server contains a critical deserialization vulnerability that leads to remote code execution. It affects all versions of the software and can be triggered when the "wls9_async_response.war" and "wls-wsat.war" components are enabled.
The vulnerability allows an attacker to execute arbitrary commands on an affected server remotely, simply by sending a specially crafted HTTP request, without any authorization.
Impact
Remote code execution
Affected Vendors
Oracle
Affected Products
- WebLogic 10.X
- WebLogic 12.1.3
Remediation
The vendor has not yet released a patch for the affected products.
Until a patch is available, one of the following temporary mitigations is recommended:
- Scenario-1: Locate and delete wls9_async_response.war and wls-wsat.war, then restart the WebLogic service.
- Scenario-2: Restrict URL access to the /_async/* and /wls-wsat/* paths through an access-control policy.
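As an added defender-side example (not code from this alert, from Rewterz, or from Oracle), the Python script below supports both scenarios: it scans access-log lines for requests that fall under /_async/* and /wls-wsat/*, so hits can be triaged and a Scenario-2 blocking policy verified, and it walks a domain directory for the two WAR files named in Scenario-1. The Common Log Format layout, the sample log lines, and the temporary directory tree are constructed assumptions, not real traffic or a real installation.

```python
"""Added example (not Rewterz's or Oracle's code): flag requests to the
WebLogic paths named in the alert and check whether the two components
are deployed on disk. Assumes the access log is in Common Log Format;
the sample log lines and directory tree below are constructed."""
import os
import re
import tempfile
from urllib.parse import unquote

# URL prefixes served by the two components named in the alert (Scenario-2).
WATCHED_PREFIXES = ("/_async/", "/wls-wsat/")
# Deployment archives the alert recommends removing (Scenario-1).
WATCHED_ARCHIVES = ("wls9_async_response.war", "wls-wsat.war")

# Common Log Format: host ident user [date] "METHOD target PROTO" status bytes
_CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+')


def normalize_path(target):
    """Drop the query string, percent-decode, and collapse repeated slashes.
    The query string is split off manually rather than via urlsplit, because
    urlsplit would treat a leading '//' as a host part."""
    path = unquote(target.split('?', 1)[0])
    return re.sub(r'/+', '/', path)


def is_watched_path(target):
    """True if the request target lies under /_async/* or /wls-wsat/*.
    Matching is case-insensitive and treats '/_async' (no trailing slash)
    the same as '/_async/'."""
    path = normalize_path(target).lower()
    if not path.endswith('/'):
        path += '/'
    return any(path.startswith(prefix) for prefix in WATCHED_PREFIXES)


def find_watched_requests(log_lines):
    """Return (client, method, normalized path, status) for each parseable
    line whose target is a watched path. Unparseable lines are skipped."""
    hits = []
    for line in log_lines:
        m = _CLF.match(line)
        if not m:
            continue
        if is_watched_path(m['target']):
            hits.append((m['host'], m['method'],
                         normalize_path(m['target']), int(m['status'])))
    return hits


def find_deployed_archives(root):
    """Walk root and return the full paths of any watched WAR files found."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in WATCHED_ARCHIVES:
                found.append(os.path.join(dirpath, name))
    return sorted(found)


def demo_archive_scan():
    """Build a constructed domain tree in a temporary directory, scan it,
    and return the basenames of the watched archives found."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = os.path.join(tmp, "wlserver", "server", "lib")
        os.makedirs(lib)
        for name in ("wls-wsat.war", "wls9_async_response.war", "unrelated.war"):
            open(os.path.join(lib, name), "w").close()
        return [os.path.basename(p) for p in find_deployed_archives(tmp)]


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Apr/2019:10:01:02 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Apr/2019:10:01:07 +0000] "POST /_async/AsyncResponseService HTTP/1.1" 202 0',
    '203.0.113.9 - - [25/Apr/2019:10:01:09 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1207',
    '10.0.0.7 - - [25/Apr/2019:10:02:00 +0000] "GET /_async HTTP/1.1" 403 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in find_watched_requests(SAMPLE_LOG):
        print("watched request:", hit)
    print("deployed archives in constructed tree:", demo_archive_scan())
```

A 403 on a watched path is what a working Scenario-2 policy should produce; any 2xx or 5xx hit on those paths is worth triaging. Scenario-1 removes whatever functionality those two archives provide, so confirm nothing in the deployment depends on them before deleting and restarting.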