The patching urgency: In its CPU advisory, Oracle addressed this flaw along with hundreds of others across its portfolio. Researchers call it a common Java filter flaw, which makes it a known territory for attackers.”The vulnerability our team discovered follows a familiar pattern in Java: filters designed to restrict authentication often contain easy-to-exploit authentication bypass flaws,” they said. “Logical flaws in how Java interprets request URIs are a gift that continues giving when paired with matrix parameters.”In this case, the flaw affects OIM versions 12.2.1.4.0 and 14.1.2.1.0. According to Johannes Ullrich, Dean of Research for SANS Technology Institute, the proof-of-concept (POC) URL provided by Searchlight Cyber Research was accessed “several times between August 30th and September 9th” this year.Attacker IP addresses shared by Ullrich include 89.238.132.76, 185.245.82.81, and 138.199.29.153. Searchlight researchers noted that participating in capture-the-flag (CTF) style work and probing compile-time or annotation chains continues to yield fresh RCEs.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4095150/oracle-oim-zero%e2%80%91day-pre%e2%80%91auth-rce-forces-rapid-patching-across-enterprises.html
