A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities


Trend Micro researchers have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications on cloud environments and engineered and conventional systems.

One of the older vulnerabilities that is still being actively exploited by malicious actors is CVE-2020-14882, a remote code execution (RCE) vulnerability that takes advantage of improper input validation in Oracle WebLogic Server. This vulnerability affects versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, and can be exploited by a remote unauthenticated attacker via sending a crafted HTTP request to the victim server resulting in RCE. It also has a CVSS v3.0 score of 9.8.

Read more…
Source: Trend Micro