New Oracle 0-day published CVE-2019-2729

Asphyxia

Same shit different day
Tenable covered the old CVE here and the new one here. Oracle released their security advisory already both on their main site and blog.

Basically the same issue persists: find a way to trick the Oracle WebLogic Server into decoding XML and executing it.

This is an RCE (Remote Code Execution). Stand by, as there are most probably going to be a fuck-ton of 7001s facing the public throughout the world that are vulnerable.

An awesome security team blogged about finding the original issue: https://paper.seebug.org/910/

Be cautious of CVE-2019-2729...
 