Catalin Cimpanu reports:
For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers.
Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory.
The April 2018 CPU contained a patch for CVE-2018-2628, a vulnerability in the WLS core component of WebLogic, a Java EE application server.
According to an Alibaba Cloud engineer, Oracle appears to have botched the CVE-2018-2628 patch, and there’s a way to bypass the April 2018 patch and exploit the flaw even on supposedly patched WebLogic systems.
Read more on Bleeping Computer.