Researchers warn of unpatched vulnerability in Oracle WebLogic Server
Several security companies have detected scans over the past week that look for Oracle WebLogic servers vulnerable to a flaw that hasn’t yet been patched, possibly in preparation for malicious attacks. The vulnerability is a deserialization bug that can lead to remote code execution, but it’s located in a specific package called wls9_async_response that’s not included by default in all WebLogic server builds. Therefore, attackers are likely running these probes to first identify servers with this component enabled that they can later attack.
The first to report the unpatched — zero-day — vulnerability were researchers from a China-based company called KnownSec. However, their post on Medium remained largely unnoticed until researchers from other companies like F5 Networks and Waratek also issued alerts.