Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0. Organizations that are running vulnerable versions of WebLogic are encouraged to prioritize patching as soon as possible.

Rapid7 Labs' Project Heisenberg honeypots began seeing elevated levels of attacker activity targeting this weakness a few days after the KnownSec 404 Team made the vulnerability public, once proof-of-concept exploit code had been released.


While attackers are scanning for and compromising internet-facing vulnerable WebLogic instances, they are also using that foothold to deliver ransomware and cryptocurrency-mining payloads to systems inside the compromised organizations.
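The post describes Project Heisenberg observing a jump in scanning against WebLogic within days of the public PoC. The script below is an added example (not code from Rapid7 or from the post) of the kind of check a defender can run over their own web-server access logs to spot the same pattern: it parses Combined Log Format lines, counts requests and distinct source IPs per day against a given path prefix, and flags any day whose request count exceeds a multiple of the trailing daily baseline. The path prefix `/weblogic-app/` and the log lines are constructed for the example; the post names no endpoint, so substitute the paths your own WebLogic deployment exposes.

```python
"""Flag days with a spike in requests against a WebLogic path prefix.

Added example, not from the Rapid7 post. Assumes Combined Log Format
(Apache/nginx style) input; the path prefix and sample lines below are
constructed for illustration and are not identifiers from the post.
"""
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical prefix standing in for whatever WebLogic endpoint is exposed.
PATH_PREFIX = "/weblogic-app/"

# Combined Log Format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "day": ts.date(),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def daily_activity(lines, path_prefix):
    """Map each day to (request count, distinct source IPs) for paths under the prefix."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(path_prefix):
            continue  # unparseable line or unrelated path
        counts[rec["day"]] += 1
        sources[rec["day"]].add(rec["ip"])
    return {day: (counts[day], len(sources[day])) for day in sorted(counts)}


def flag_spikes(activity, factor=3.0, min_baseline_days=2):
    """Return (day, requests, sources) for days exceeding factor x the mean of earlier days.

    The first `min_baseline_days` days only seed the baseline and are never flagged.
    """
    flagged = []
    history = []
    for day, (count, distinct) in activity.items():
        if len(history) >= min_baseline_days:
            baseline = sum(history) / len(history)
            if count > factor * baseline:
                flagged.append((day, count, distinct))
        history.append(count)
    return flagged


# Constructed sample: two quiet days, then a burst from six new sources.
SAMPLE_LOG = """\
198.51.100.10 - - [24/Apr/2019:02:11:09 +0000] "GET /weblogic-app/ HTTP/1.1" 404 1052 "-" "curl/7.64.0"
198.51.100.11 - - [24/Apr/2019:17:40:22 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "python-requests/2.21"
203.0.113.5 - - [24/Apr/2019:18:01:00 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "Mozilla/5.0"
198.51.100.10 - - [25/Apr/2019:03:14:15 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "curl/7.64.0"
198.51.100.12 - - [25/Apr/2019:09:26:53 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "Go-http-client/1.1"
198.51.100.13 - - [25/Apr/2019:21:58:11 +0000] "GET /weblogic-app/ HTTP/1.1" 404 1052 "-" "masscan/1.0"
this line is not in the expected format and is skipped
198.51.100.20 - - [26/Apr/2019:00:05:01 +0000] "GET /weblogic-app/ HTTP/1.1" 404 1052 "-" "python-requests/2.21"
198.51.100.20 - - [26/Apr/2019:00:05:02 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "python-requests/2.21"
198.51.100.21 - - [26/Apr/2019:01:17:44 +0000] "GET /weblogic-app/ HTTP/1.1" 404 1052 "-" "python-requests/2.21"
198.51.100.21 - - [26/Apr/2019:01:17:45 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "python-requests/2.21"
198.51.100.22 - - [26/Apr/2019:04:33:10 +0000] "GET /weblogic-app/ HTTP/1.1" 404 1052 "-" "curl/7.64.0"
198.51.100.22 - - [26/Apr/2019:04:33:11 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "curl/7.64.0"
198.51.100.23 - - [26/Apr/2019:08:02:59 +0000] "GET /weblogic-app/ HTTP/1.1" 404 1052 "-" "Go-http-client/1.1"
198.51.100.23 - - [26/Apr/2019:08:03:00 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "Go-http-client/1.1"
198.51.100.24 - - [26/Apr/2019:13:45:21 +0000] "GET /weblogic-app/ HTTP/1.1" 404 1052 "-" "python-requests/2.21"
198.51.100.24 - - [26/Apr/2019:13:45:22 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "python-requests/2.21"
198.51.100.25 - - [26/Apr/2019:22:10:07 +0000] "GET /weblogic-app/ HTTP/1.1" 404 1052 "-" "masscan/1.0"
198.51.100.25 - - [26/Apr/2019:22:10:08 +0000] "POST /weblogic-app/ HTTP/1.1" 404 1052 "-" "masscan/1.0"
"""


if __name__ == "__main__":
    activity = daily_activity(SAMPLE_LOG.splitlines(), PATH_PREFIX)
    for day, (count, distinct) in activity.items():
        print(f"{day}: {count} requests from {distinct} sources")
    for day, count, distinct in flag_spikes(activity):
        print(f"SPIKE {day}: {count} requests from {distinct} sources")
```

On the constructed input the first two days (2 and 3 requests) seed the baseline, and 26 April (12 requests from 6 distinct sources) is flagged because it exceeds three times the 2.5-request mean. Tune `factor` and `min_baseline_days` to your traffic; a rise in distinct sources alongside the request count is the stronger signal that a public PoC is being mass-scanned rather than one host retrying.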

A Metasploit module is available here.

A remote vulnerability check for our vulnerability scanner, InsightVM, was included in the April 29 content update, and an authenticated check for WebLogic 12.x was released with the May 3 update.
