Oracle Security Update: CVE-2019-2725

On Friday 26 April 2019, Oracle released a new ‘out of band’ security alert for WebLogic Server, affecting versions 10.3.6 and 12.1.3: CVE-2019-2725.

Out of band updates and alerts are usually critical as they occur outside of Oracle’s usual patching schedule. It means that Oracle thinks that the corresponding issue is damaging enough that you need to do something about it now. You can’t wait until its scheduled date or your patching window.

What do you need to do if you’re affected?

If you are still with Oracle Support and are running the affected versions, you should prioritise applying CVE-2019-2725 to protect against this vulnerability. You can also apply KnownSec 404’s (the group who discovered the vulnerability) temporary solution in the meantime, if applying Oracle’s patch will take too long.

How Support Revolution customers are protected

Our customers are already protected by Trend Deep Security. It’s a security solution that acts as a fence around your systems to defend against these types of weaknesses.

Trend Micro Deep Security has already released a rule update (1009707, released on April 26 2019). This enables detection and also protection against attackers attempting to use this exploit. It has already been deployed onto the systems we manage.

This means that all of our customers are already protected against this exploit. They don’t need to spend any time or money patching their systems manually.

What is the danger?

This is a deserialization vulnerability. It allows an unauthenticated attacker to submit a specially crafted XML to a WebLogic server. This causes it to connect to a remote site and then download additional exploit instructions.

The KnownSec 404 team in China discovered this exploit. It was part of an investigation into an older exploit (CVE-2017-10271) where they were also able to identify a weakness in the wls9_async_response package.

Other companies have already created proof of concept exploits. Discussions on it (such as Tenable) also indicate that it is an easily exploitable vulnerability that should be protected against urgently.

Learn more about how we protect our customers

Our modern patching and security methods protect our customers. You can learn more about how we protect our customers by reading our guide on the subject.

Skip to content