Easily exploitable RCE in Oracle WebLogic Server under attack

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned.


Oracle WebLogic is a Java EE application server that is part of Oracle’s Fusion Middleware portfolio and supports a variety of popular databases. These servers are often targeted by attackers, whether for cryptocurrency mining or as a way into other enterprise systems.

About the vulnerability (CVE-2020-14882)

CVE-2020-14882 may allow unauthenticated attackers with network access via HTTP to achieve total compromise and takeover of vulnerable Oracle WebLogic Servers.

The vulnerability affects Oracle WebLogic Server versions,,, and, and has been patched by Oracle last week.

Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, said that SANS ISC’s honeypots are getting hit by exploit attempts originating from four IP addresses.

For now, the attackers are only probing to see whether the target systems are vulnerable, but that’s likely because the honeypots did not return the “correct” response.

“The exploit appears to be based on this blog post published in Vietnamese by ‘Jang’,” he added. (The researcher in question has previously flagged several flaws in Oracle’s offerings, though not this one.)

The exploit allows attackers to achieve RCE on a vulnerable Oracle WebLogic Server by sending one simple POST request.

A demonstration of the exploit in action is available here.

The PoC exploit was published yesterday, and it didn’t take long for attackers to take advantage of it. Admins are advised to patch vulnerable systems as soon as possible.


Next Post

Is Your Encryption Ready for Quantum Threats?

Thu Oct 29 , 2020
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era. In October 2019, Google announced it had achieved “quantum supremacy” in a Forbes article entitled “Quantum Computing Poses An Existential Security Threat, But Not Today.” The Google team had developed a quantum computer […]