Concerned About Your Business Cyber Security?

(877) 321--7374

Unpatched Vulnerability Alert – WebLogic Zero Day, (Thu, Apr 25th)

The news today is full of a new deserialization vulnerability in Oracle WebLogic.  This affects all current versions of the product (the POC is against 10.3, but 12.x versions are also affected).  The vulnerability affects the wls9_async_response package (which is not included by default in all builds), so the workaround is to either ACL the Z/_async/* and /wls-wsat/* paths, or delete wls9_async_response.war.  A successful attack gets the attacker remote code exec on the vulnerable server.

Ready For ASuperheroI.T. Solution?

Real Time Web Analytics