Alert Logic® is researching active exploitation attempts of CVE-2018-2894, an Oracle WebLogic JSP File Upload Vulnerability. Exploitations against our customers and our honeynet have occurred since July 19, 2018. Successful exploitation of this vulnerability provides attackers with shell access to the web server, which is a significant risk of compromise. All users of Oracle WebLogic are strongly encouraged to immediately apply security patches for this vulnerability or to take other mitigating actions.

Vulnerability Description

CVE-2018-2894 consists of two arbitrary file upload vulnerabilities, one targeting config.do, and one targeting begin.do. A remote, unauthenticated attacker can exploit the vulnerability targeting config.do, while authentication is required to access and exploit the vulnerability targeting begin.do.
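
A log-triage sketch for the two endpoints named above, added here as an example and not taken from Alert Logic or Oracle: it flags POST requests to config.do and begin.do in web access logs. The common/combined log format, the `/EXAMPLE_PATH/` prefix, and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Endpoints named in the advisory; matched by file name only, because the
# page does not give the full URL path.
UPLOAD_ENDPOINTS = ("config.do", "begin.do")

# Common/combined access-log format (assumption; adapt to your server's format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, placeholder path prefix).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Jul/2018:10:01:02 +0000] "POST /EXAMPLE_PATH/config.do HTTP/1.1" 200 512
192.0.2.10 - - [19/Jul/2018:10:01:05 +0000] "GET /EXAMPLE_PATH/config.do HTTP/1.1" 200 2048
198.51.100.7 - - [20/Jul/2018:03:14:15 +0000] "POST /EXAMPLE_PATH/begin.do;jsessionid=abc?x=1 HTTP/1.1" 302 0
203.0.113.5 - - [20/Jul/2018:04:00:00 +0000] "POST /EXAMPLE_PATH/login.do HTTP/1.1" 200 100
"""


def find_upload_attempts(lines):
    """Return {endpoint: [(ip, timestamp, status), ...]} for POSTs to the endpoints."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or a non-upload request
        # Drop the query string and any ;jsessionid path parameter before matching.
        path = m["uri"].split("?", 1)[0].split(";", 1)[0]
        name = path.rsplit("/", 1)[-1].lower()
        if name in UPLOAD_ENDPOINTS:
            hits[name].append((m["ip"], m["ts"], int(m["status"])))
    return dict(hits)


if __name__ == "__main__":
    for endpoint, events in find_upload_attempts(SAMPLE_LOG.splitlines()).items():
        for ip, ts, status in events:
            print(f"{endpoint}: POST from {ip} at {ts} -> HTTP {status}")
```

Any hit is a lead for triage rather than proof of compromise; follow it by checking the server for unexpected JSP files and confirming patch status.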