• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Oracle

Using Whitelisting to Remediate an RCE Vulnerability (CVE-2019-2729) in Oracle WebLogic
  • Posted on:June 25, 2019 at 5:00 am
  • Posted in:Vulnerabilities
  • Author:
    Trend Micro
0

Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability. This vulnerability is relatively easy to exploit, but requires Java Development Kit (JDK) 1.6. By default, WebLogic version 10.3.6 is shipped with JDK 1.6.

CVE-2019-2729 is essentially a bypass to CVE-2019-2725. This security issue, however, first surfaced in April 24 2017 as CVE-2017-3506.  We took a closer look at CVE-2019-2729 to see how this class of vulnerability has been remediated  — particularly via blacklisting or whitelisting — and why it has become a recurring security issue.

Read More
Tags: CVE-2019-2725CVE-2019-2729OracleOracle WebLogic

Why Vulnerability Research Is A Good Thing
  • Posted on:August 14, 2015 at 1:22 am
  • Posted in:Targeted Attacks, Vulnerabilities
  • Author:Raimund Genes (Chief Technology Officer)
1

Earlier this week Oracle’s CSO released a blog post that talked about why people should stop looking for vulnerabilities in their software products. Needless to say, this did not go down well with the security community – and the post was soon taken down with a statement from the company adding that the post “does not reflect our…

Read More
Tags: ExploitJavaOraclevulnerability

July 2015 Patch Tuesday: Microsoft, Adobe, and Oracle Roll out Security Patches for Zero-Day Vulnerabilities
  • Posted on:July 15, 2015 at 10:03 am
  • Posted in:Vulnerabilities
  • Author:
    Bernadette Irinco (Technical Communications)
0

July proves to be pretty busy for both software vendors and security researchers as various zero-day vulnerabilities were reported. In this month’s patch Tuesday, Microsoft addressed the recently discovered zero-day vulnerability in Internet Explorer that also emerged from the Hacking Team leak. The said vulnerability, covered in MS15-065 and rated as ‘critical’, could allow attackers…

Read More
Tags: AdobeJulyMicrosoftOraclePatch Tuesdayzero-day vulnerabilities

Trend Micro Finds Vulnerabilities in Java, Patched in Latest Oracle Update
  • Posted on:October 17, 2013 at 9:47 am
  • Posted in:Vulnerabilities
  • Author:
    Yuki Chen (Threat Solution Engineer)
0

Yesterday, Oracle recently released a new round of updates for Java. Two of these vulnerabilities (CVE-2013-5809 and CVE-20135778) and one in-depth defense issue were discovered by Trend Micro researchers and were privately reported to Oracle. All of these are now patched, and we do not believe they are in use or were earlier discovered by threat…

Read More
Tags: ExploitsJavaOraclesecurity updateVulnerabilities

Java 6 Zero-Day Exploit Pushes Users to Shift to Latest Java Version
  • Posted on:August 27, 2013 at 5:17 pm
  • Posted in:Exploits, Malware, Vulnerabilities
  • Author:
    Gelo Abendan (Technical Communications)
0

Reports of an active exploit targeting an unpatched vulnerability in Java 6 recently surfaced. Upgrading to the latest version of Java is the prescribed solution, though for some users, this is easier said than done. The said exploit, detected by Trend Micro as JAVA_EXPLOIT.ABC, targets CVE-2013-2463 which Oracle addressed last June. Java 6 is also…

Read More
Tags: ExploitJavaJava 6 supportMicrosoftOracleransomwareWindows XPzero-day exploit
Page 1 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Patch Tuesday: Fixes for ‘Wormable’ Windows DNS Server RCE, SharePoint Flaws
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
  • US and European companies Top Targets of CEO Fraud
  • Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
  • Company CFOs Targeted The Most By BEC Schemes

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.