Late last week, news emerged about a potential new vulnerability in WebLogic [1]. The vulnerability was first reported to the Chinese National Vulnerability Database (CNVD). A proof of concept exploit labeled “CVE-2018-2628” was made available at the same time. The name of the exploit caused some confusion. CVE-2018-2628 refers to a WebLogic vulnerability that was fixed last year in Oracle’s April critical patch update.
Article Link: https://isc.sans.edu/diary/rss/24890