2018年1月18日

「Oracle WebLogic Server」の脆弱性狙う攻撃が発生


Oracle Fusion Middleware の Oracle WebLogic Server コンポーネントは、多くの商用ウェブサイトや企業アプリケーションの構築等に利用されているソフトウェア製品です。

Oracle WebLogic Serverにおける既知の脆弱性を悪用する攻撃が、2017年12月下旬より報告されているとしてセキュリティ関係機関が注意を呼びかけています。
悪用が確認されているのは、ウェブサイトや企業アプリケーションで利用されている「Oracle WebLogic Server」の「WLS Security」に起因する脆弱性「CVE-2017-10271」です。

今回の問題は、昨年10月に修正プログラムがリリースされていますが、2017年12月下旬に公開された攻撃コードが悪用され修正パッチが適用されていないシステムに対して悪意のあるコインマイナー(仮想通貨をマイニングするプログラム)を仕込まれる攻撃事例が報告されています。
使用されている脆弱性は他の目的にも悪用できます。
本脆弱性が悪用された場合、遠隔の攻撃者により、情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 攻撃が行われる可能性があります。

本脆弱性についてはシステムを確認し、できるだけ早くアップデートを実施し、脆弱性を修正するよう注意してください。
また、管理者の方はすでに攻撃を受けて、システムを侵害されていないか、確認しましょう。

参考元
12月下旬より「Oracle WebLogic Server」狙う攻撃が発生 - 仮想通貨採掘に悪用されたケースも

株式会社サンロフトでは、最新のセキュリティ情報をお届けします。是非お気軽に、ご相談ください。

6 件のコメント:

  1. KADG Pune 2021 - Online Casino - Kadang Pintar
    Online Casino · 제왕카지노 24 Pokies · Best Online Slots in 온카지노 2021 · 1 Casino Online · Live Casino · Casino Jackpots · Mobile · Mobile Casino · 카지노 Welcome Bonus · Mobile

    返信削除
  2. I have a hard time describing my thoughts on content, but I really felt I should here. Your article is really great. I like the way you wrote this information Landlord
    u384_majortotositepro
    u385_racesitepro
    u386_oncasinositenet
    u387_totopickpro

    返信削除
  3. Great content to read. The picture looks so cool. Thanks for sharing this beautiful post. Keep sharing more interesting blogs like this. Viginia Reckless Driving

    返信削除
  4. Oracle WebLogic Server is a Java Enterprise Edition (Java EE) application server that is part of Oracle's Fusion Middleware portfolio. It is designed for high performance and scalability, making it suitable for building a wide range of enterprise applications. WebLogic Server offers a robust security framework, including user authentication, authorization, and data encryption, and supports integration with various identity management solutions. It supports clustering, load balancing, and failover capabilities, ensuring high availability and scalability of applications. Oracle provides tools for managing and monitoring WebLogic Server instances, domains, and applications, allowing administrators to configure, monitor, and manage server resources. It also offers integration capabilities with other Oracle products and services, making it an integral part of Oracle's cloud and enterprise ecosystem. WebLogic Server is cross-platform, supporting a variety of operating systems, including Windows, Linux, and UNIX flavors. It is developer-friendly, offering tools and features for building and testing Java EE applications, including support for IDEs like Oracle Developer, Eclipse, and NetBeans. WebLogic Server supports the development and deployment of web services based on Java EE standards, crucial for creating service-oriented architectures (SOA). Oracle's Java Mission Control allows monitoring, managing, and profiling applications running on WebLogic Server, helping identify and resolve performance and stability issues.
    fedex truck accident

    返信削除
  5. Oracle WebLogic Server is a robust and efficient enterprise application management system that offers reliability, stability, scalability, robust security features, and comprehensive management and monitoring tools. However, it is complex and may require expertise for beginners. The server may consume significant system resources, which may be a concern for organizations with resource constraints or cost-conscious environments. Additionally, licensing costs can be high, especially for small to mid-sized businesses with budget constraints. Despite Oracle's comprehensive documentation, some users find it dense and challenging to navigate. Despite this, Oracle has a well-established user community and support services. It is important to note that the software landscape may change, and it is recommended to check more recent sources for the latest reviews and feedback on Oracle WebLogic Server. Ley de Accidentes de Motocicleta

    返信削除
  6. Buen Abogado para Automovilístico de AccidenteThe article introduces Oracle WebLogic Server, a crucial component of Oracle Fusion Middleware for building commercial websites and enterprise applications. It highlights a potential issue with CVE-2017-10271, a vulnerability that has been exploited since late December 2017. The article effectively communicates the connection between the vulnerability and WLS Security in Oracle WebLogic Server, providing valuable information for IT professionals and individuals responsible for system security. While the warning is clear, additional details on recommended security measures or updates could enhance its practicality. Overall, the article serves as a timely alert, combining technical details with a call for caution in the face of known vulnerabilities in Oracle WebLogic Server.

    返信削除