WebLogic T3/IIOP Information Disclosure Vulnerability (CVE-2024-21006/CVE-2024-21007)

Overview: Recently, NSFOCUS CERT detected that Oracle has released a security announcement and fixed two information disclosure vulnerabilities (CVE-2024-21006/CVE-2024-21007) in Oracle WebLogic Server. Due to defects in the T3/IIOP protocols, unauthenticated attackers ...

A WebLogic Vulnerability Highlights the Path-Based Authorization Dilemma

A WebLogic server vulnerability fixed by the October CPU has come under active exploitation after a Vietnamese-language blog post detailed the steps needed to bypass authentication and achieve remote code execution ...

Patch for Critical Oracle WebLogic Vulnerability Can Be Bypassed

Security researchers warn that a patch recently released by Oracle for a critical vulnerability in its WebLogic Java application server can easily be bypassed. The risk of exploitation is high, especially since ...
Security Boulevard
