Oracle has released an emergency patch for a vulnerability in WebLogic Server that leaves unpatched installations open to remote attack.
The vulnerability lies in the Node Manager component of WebLogic Server and can be exploited remotely to gain access to a vulnerable system. According to Vupen Security, the issue stems from missing authentication in the Node Manager process (beasvc.exe on Windows) when it handles incoming connections on port 5556/TCP, which allows remote, unauthenticated attackers to execute certain commands.
The patch, issued Feb. 4, came roughly two weeks after Intevydis CEO Evgeny Legerov revealed the bug on a blog.
“A successful exploitation of this vulnerability may result in a full compromise of the targeted server on Windows,” blogged Eric Maurice, manager for security in Oracle’s global technology business unit. “On other platforms (Unix, Linux, etc.), the attacker may gain access to the targeted server with the same privileges as the WebLogic server processes. This kind of vulnerability further highlights the need to use ‘least privilege’ as much as possible on operating systems for running sensitive processes and applications.”
As a workaround, users can restrict access to the Node Manager port through firewalls or other network access controls to prevent exploitation by anonymous Internet users. In addition, organizations should consider updating their policies to permit access to this port only from trusted subnets and users, Oracle advised. Note that the WebLogic Administration Server connects to Node Manager over this port, so any such rule must still admit the hosts that legitimately manage the domain.
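The workaround above is a host-firewall rule, and the mistake practitioners most often make with it is a source list that silently widens to "any". The following script is an added example written for this article, not Oracle's own guidance or tooling: it emits iptables rules that admit 5556/TCP only from the trusted subnets you pass in and drop everything else, and it refuses arguments that do not look like CIDRs. The port number (Node Manager's default listener) and the sample subnet 10.0.1.0/24 are assumptions; substitute the ListenPort configured for your Node Manager and the subnets your Administration Server hosts actually live on.

```shell
#!/usr/bin/env bash
# Added example: generate iptables rules that restrict WebLogic Node Manager's
# listener (default 5556/TCP, assumed here) to trusted source subnets.
# Hypothetical helper; not part of any Oracle advisory or product.

NM_PORT=5556

# Print one ACCEPT rule per trusted CIDR, followed by a catch-all DROP for the
# Node Manager port. Returns non-zero (and stops) on any argument that is not
# shaped like an IPv4 CIDR, so a typo cannot degrade into an open port.
# Usage: nodemanager_rules CIDR [CIDR ...]
nodemanager_rules() {
    if [ "$#" -eq 0 ]; then
        echo "usage: nodemanager_rules CIDR [CIDR ...]" >&2
        return 1
    fi
    for cidr in "$@"; do
        case "$cidr" in
            [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
            *) echo "rejecting non-CIDR source: $cidr" >&2; return 1 ;;
        esac
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$NM_PORT" "$cidr"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$NM_PORT"
}

# The weak state for comparison: a rule that admits the port from anywhere,
# which is equivalent to having no rule at all and is what the workaround
# is meant to replace.
nodemanager_rules_open() {
    printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT\n' "$NM_PORT"
}

# Top-level behaviour: print the rules for review, or pipe them into sh with
# --apply (requires root). 10.0.1.0/24 is a constructed example subnet.
if [ "${1:-}" = "--apply" ]; then
    shift
    nodemanager_rules "$@" | sh
else
    [ "$#" -gt 0 ] || set -- 10.0.1.0/24
    nodemanager_rules "$@"
fi
```

Review the printed rules before applying them, and make sure the ACCEPT sources include every host that runs the Administration Server; once the DROP is in place, verify from an untrusted network that a TCP connection to the port no longer completes. The rules are a mitigation only: they do not add the missing authentication, so the emergency patch should still be applied.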