{"vulnerability": "CVE-2017-3506", "sightings": [{"uuid": "dce07f6a-8107-451c-8b09-c3dcb9db0e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "seen", "source": "MISP/5ba281fe-cc88-4bf3-a9ef-3c290a021402", "content": "", "creation_timestamp": "2018-09-19T17:29:15.000000Z"}, {"uuid": "0c14905f-4bbc-4606-8725-3bdfb9e30712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "seen", "source": "MISP/fab9047e-3eb6-4d8e-a967-65c02cd3e253", "content": "", "creation_timestamp": "2020-10-09T16:07:00.000000Z"}, {"uuid": "b4406605-4189-4bf2-9657-80440a82a9e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-06-03T18:10:02.000000Z"}, {"uuid": "4c8b7171-a927-41ac-a74b-52cb299cc90e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:55.000000Z"}, {"uuid": "d189d63c-e657-4856-8903-79cf77ba4ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:24.000000Z"}, {"uuid": "663ae268-63b5-4d67-a1a4-bb18ba6698b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/143f687a-1e49-4246-8875-715d23ee0553", "content": "", "creation_timestamp": "2026-02-02T12:26:35.357998Z"}, {"uuid": "95e859c1-9e55-436d-aaa5-c9c400ea3e3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "Telegram/-FwDw_-0oYCibu6JaJ5TIUZcecQ8JUkHzwVeEJh8I4mLXlE", "content": "", "creation_timestamp": "2024-06-04T06:24:23.000000Z"}, {"uuid": "38fcd2c6-415d-4fa2-9273-1f5901064bfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/10531", "content": "The Hacker News\nOracle WebLogic Server OS Command Injection Flaw Under Active Attack\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nTracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized", "creation_timestamp": "2024-06-04T08:29:08.000000Z"}, {"uuid": "098b6f94-4226-4d64-9028-bce37e60aac2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://t.me/itsec_news/4519", "content": "\u200b\u26a1\ufe0f\u041c\u0430\u0439\u043d\u0435\u0440\u044b-\u043d\u0435\u0432\u0438\u0434\u0438\u043c\u043a\u0438: 8220 Gang \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 WireGuard \u0434\u043b\u044f \u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0430\u0442\u0430\u043a\n\n\ud83d\udcac\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u043e \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0443 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b (\u043a\u0440\u0438\u043f\u0442\u043e\u0434\u0436\u0435\u043a\u0438\u043d\u0433\u0443), \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043c\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u043e\u0439 8220 Gang, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Oracle WebLogic Server.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0438\u0437 Trend Micro \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0432 \u0441\u0432\u043e\u0451\u043c \u0441\u0432\u0435\u0436\u0435\u043c \u043e\u0442\u0447\u0451\u0442\u0435, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442 \u0442\u0435\u0445\u043d\u0438\u043a\u0438 \u0431\u0435\u0441\u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a Reflective DLL Loading. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u041f\u041e \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u0438\u0437\u0431\u0435\u0433\u0430\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043d\u0430 \u0434\u0438\u0441\u043a\u0435.\n8220 Gang, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Water Sigbin, \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Oracle WebLogic Server, \u0432\u043a\u043b\u044e\u0447\u0430\u044f CVE-2017-3506, CVE-2017-10271 \u0438 CVE-2023-21839. \u0423\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043a\u0440\u0438\u043f\u0442\u043e\u043c\u0430\u0439\u043d\u0435\u0440\u0430.\n\n\u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442 \u0441\u043a\u0440\u0438\u043f\u0442 PowerShell, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u043f\u0435\u0440\u0432\u044b\u0439 \u044d\u0442\u0430\u043f \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 (\u00abwireguard2-3.exe\u00bb). \u042d\u0442\u043e\u0442 \u0444\u0430\u0439\u043b \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 WireGuard VPN, \u043d\u043e \u043d\u0430 \u0441\u0430\u043c\u043e\u043c \u0434\u0435\u043b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0434\u0440\u0443\u0433\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b (\u00abcvtres.exe\u00bb) \u043f\u0440\u044f\u043c\u043e \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e DLL (\u00abZxpus.dll\u00bb).\n\n\u042d\u0442\u043e\u0442 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b \u0441\u043b\u0443\u0436\u0438\u0442 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 PureCrypter (\u00abTixrgtluffu.dll\u00bb), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043d\u0430 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u0441\u043e\u0437\u0434\u0430\u0451\u0442 \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u0434\u0430\u0447\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u0438 \u043c\u0430\u0439\u043d\u0435\u0440\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u0430 Microsoft Defender.\n\n\u041a\u043e\u043c\u0430\u043d\u0434\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043e\u0442\u0432\u0435\u0447\u0430\u0435\u0442 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435\u043c, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0434\u043b\u044f XMRig, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0435\u0442 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043c\u0430\u0439\u043d\u0435\u0440 \u0441 \u0434\u043e\u043c\u0435\u043d\u0430, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438. \u0421\u0430\u043c \u043c\u0430\u0439\u043d\u0435\u0440 \u043c\u0430\u0441\u043a\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0434 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0439 \u0431\u0438\u043d\u0430\u0440\u043d\u044b\u0439 \u0444\u0430\u0439\u043b Microsoft (\u00abAddinProcess.exe\u00bb).\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u0435\u0442\u043e\u0434 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0442 \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u0449\u0438\u0442\u044b. \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0435\u0441\u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0442\u0435\u0445\u043d\u0438\u043a \u0437\u0430\u0442\u0440\u0443\u0434\u043d\u044f\u0435\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Oracle WebLogic Server, \u0433\u0440\u0443\u043f\u043f\u0430 8220 Gang \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 \u0434\u0440\u0443\u0433\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u0441\u0432\u043e\u0438\u0445 \u0446\u0435\u043b\u0435\u0439. \u0418\u0445 \u043c\u0435\u0442\u043e\u0434\u044b \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u0443\u044e\u0442\u0441\u044f, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0430\u0442\u0430\u043a\u0438 \u0433\u0440\u0443\u043f\u043f\u044b \u0432\u0441\u0451 \u0431\u043e\u043b\u0435\u0435 \u0438\u0437\u043e\u0449\u0440\u0435\u043d\u043d\u044b\u043c\u0438 \u0438 \u043e\u043f\u0430\u0441\u043d\u044b\u043c\u0438.\n\n\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043c\u0438\u0448\u0435\u043d\u044c\u044e \u044d\u0442\u0438\u0445 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0438 \u0441\u0442\u0430\u0440\u044b\u043c\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 \u0438\u0445 \u043b\u0451\u0433\u043a\u043e\u0439 \u0434\u043e\u0431\u044b\u0447\u0435\u0439 \u0434\u043b\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-06-28T19:48:04.000000Z"}, {"uuid": "af48b9ff-9a16-4b25-add0-0dc467f3e950", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "Telegram/zv0-WN1ekGzYSPAJbDAdNFDyGxKQy119XVSjXkoYLwf1MgNb", "content": "", "creation_timestamp": "2024-06-06T19:08:56.000000Z"}, {"uuid": "a2659495-99d7-414f-817a-db9f51dd4f6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://t.me/itsec_news/3872", "content": "\u200b\u26a1\ufe0f\u0413\u0440\u0443\u043f\u043f\u0430 8220 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0442\u0440\u0451\u0445 \u043a\u043e\u043d\u0442\u0438\u043d\u0435\u043d\u0442\u0430\u0445 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Oracle WebLogic\n\n\ud83d\udcac \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Imperva \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0438 8220, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0449\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Oracle WebLogic Server \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0441\u0432\u043e\u0435\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f.\n\n\u0420\u0435\u0447\u044c \u0438\u0434\u0451\u0442 \u043e CVE-2020-14883 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7.2), \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0439 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 (RCE), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0437\u0430\u0445\u0432\u0430\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432.\n\n\u00ab\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u0433\u0430\u0434\u0436\u0435\u0442\u043e\u0432 \u0438 \u0447\u0430\u0441\u0442\u043e \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0441 CVE-2020-14882 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 Oracle WebLogic Server) \u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u0442\u0435\u0447\u0435\u043a, \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0445 \u0438\u043b\u0438 \u0441\u043b\u0430\u0431\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445\u00bb, \u2014 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f \u0432 \u043e\u0442\u0447\u0451\u0442\u0435 Imperva.\n\n\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 8220 \u0443\u0436\u0435 \u0438\u043c\u0435\u0435\u0442 \u043e\u043f\u044b\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0441 \u0446\u0435\u043b\u044c\u044e \u043a\u0440\u0438\u043f\u0442\u043e\u0434\u0436\u0435\u043a\u0438\u043d\u0433\u0430. \u0412 \u043c\u0430\u0435 \u044d\u0442\u043e\u0433\u043e \u0433\u043e\u0434\u0430 \u043e\u043d\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0434\u0440\u0443\u0433\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Oracle WebLogic ( CVE-2017-3506 , \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 7.4) \u0434\u043b\u044f \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432 \u0431\u043e\u0442\u043d\u0435\u0442 \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b.\n\n\u041d\u0435\u0434\u0430\u0432\u043d\u0438\u0435 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u0430\u0442\u0430\u043a, \u0437\u0430\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 Imperva, \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 CVE-2020-14883 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 XML-\u0444\u0430\u0439\u043b\u043e\u0432 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u0434\u0430, \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0449\u0435\u0433\u043e \u0437\u0430 \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b, \u0442\u0430\u043a\u043e\u0433\u043e \u043a\u0430\u043a Agent Tesla, rhajk \u0438 nasqa.\n\n\u00ab\u0421\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043e\u0449\u0443\u0449\u0435\u043d\u0438\u0435, \u0447\u0442\u043e \u0433\u0440\u0443\u043f\u043f\u0430 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u043d\u0435\u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e, \u0431\u0435\u0437 \u044f\u0432\u043d\u043e\u0439 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0438 \u0432 \u0432\u044b\u0431\u043e\u0440\u0435 \u0441\u0442\u0440\u0430\u043d\u044b \u0438\u043b\u0438 \u043e\u0442\u0440\u0430\u0441\u043b\u0438\u00bb, \u2014 \u043e\u0442\u043c\u0435\u0442\u0438\u043b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u0437 Imperva \u0414\u0430\u043d\u0438\u044d\u043b\u044c \u0414\u0436\u043e\u043d\u0441\u0442\u043e\u043d.\n\n\u0426\u0435\u043b\u044f\u043c\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 8220 \u0443\u0436\u0435 \u0441\u0442\u0430\u043b\u0438 \u0441\u0435\u043a\u0442\u043e\u0440\u0430 \u0437\u0434\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f, \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0439 \u0438 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u044b\u0445 \u0443\u0441\u043b\u0443\u0433 \u0432 \u0421\u0428\u0410, \u042e\u0436\u043d\u043e\u0439 \u0410\u0444\u0440\u0438\u043a\u0435, \u0418\u0441\u043f\u0430\u043d\u0438\u0438, \u041a\u043e\u043b\u0443\u043c\u0431\u0438\u0438 \u0438 \u041c\u0435\u043a\u0441\u0438\u043a\u0435.\n\n\u00ab\u0413\u0440\u0443\u043f\u043f\u0430 \u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u043d\u0430 \u043f\u0440\u043e\u0441\u0442\u044b\u0435, \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\u00bb, \u2014 \u0434\u043e\u0431\u0430\u0432\u0438\u043b \u0414\u0436\u043e\u043d\u0441\u0442\u043e\u043d. \u00ab\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0438\u0445 \u043c\u0435\u0442\u043e\u0434\u044b \u0441\u0447\u0438\u0442\u0430\u044e\u0442\u0441\u044f \u043d\u0435\u0441\u043b\u043e\u0436\u043d\u044b\u043c\u0438, \u043e\u043d\u0438 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u044d\u0432\u043e\u043b\u044e\u0446\u0438\u043e\u043d\u0438\u0440\u0443\u044e\u0442 \u0432 \u0441\u0432\u043e\u0438\u0445 \u0442\u0430\u043a\u0442\u0438\u043a\u0430\u0445 \u0438 \u0442\u0435\u0445\u043d\u0438\u043a\u0430\u0445, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f\u00bb.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2023-12-19T17:39:29.000000Z"}, {"uuid": "23f9970a-9ab6-441a-be7a-d1bee881860c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "seen", "source": "https://t.me/Pen7esting/216", "content": "Oracle WebLogic Deserialization RCE Vulnerability 2017~2019\n\nCVE-2019-2729\nCVE-2019-2725\nCVE-2017-10271\nCVE-2017-3506https://t.co/AFSK2UUXyL", "creation_timestamp": "2019-06-20T12:20:36.000000Z"}, {"uuid": "fe2faf60-fd5a-4748-a88c-5179e79d84e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "Telegram/HRtGTTdcgrdFfC4KgRublbD9-xH8YcnZ9X4OpnsoX9pmDw", "content": "", "creation_timestamp": "2024-06-04T08:29:07.000000Z"}, {"uuid": "96052e9b-f3ba-4aa7-aa13-270b9cde6920", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "Telegram/TWFAujDiM9Q_sDIuwdzuCj1B9CB6p4iXNPfDtcfRQau4qapO", "content": "", "creation_timestamp": "2024-06-13T14:24:39.000000Z"}, {"uuid": "c3c5942b-c566-4c54-b7d0-b735f255c525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://t.me/KomunitiSiber/2049", "content": "Oracle WebLogic Server OS Command Injection Flaw Under Active Attack\nhttps://thehackernews.com/2024/06/oracle-weblogic-server-os-command.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nTracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized", "creation_timestamp": "2024-06-04T06:46:17.000000Z"}, {"uuid": "0ea81fac-e907-4557-bae2-d5cf16355c85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "seen", "source": "https://t.me/arpsyndicate/564", "content": "#ExploitObserverAlert\n\nCVE-2017-3506\n\nDESCRIPTION: Exploit Observer has 93 entries related to CVE-2017-3506. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).\n\nFIRST-EPSS: 0.969270000\nNVD-IS: 5.2\nNVD-ES: 2.2", "creation_timestamp": "2023-11-25T03:21:41.000000Z"}, {"uuid": "2fa3b0b9-0c9e-46a5-a9ae-22bb70a4be91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "Telegram/Xo4DxTRP5onBu8JpH-tADiU4VEmiyg4rFzQ7W1Mupb_5Lw", "content": "", "creation_timestamp": "2024-06-04T06:53:47.000000Z"}, {"uuid": "893690bb-eb8c-4e97-be35-95b41c7a6073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "Telegram/Z8pumVuZ4KIKbD3z_qLVtKX2ZId1jIc9RnB-nq_iS7ix3Q", "content": "", "creation_timestamp": "2023-05-18T13:59:53.000000Z"}, {"uuid": "c3bd6eff-b976-4ac1-b7d9-657fcf850d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://t.me/tengkorakcybercrewz/2083", "content": "The Hacker News\nOracle WebLogic Server OS Command Injection Flaw Under Active Attack\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.\nTracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized", "creation_timestamp": "2024-06-04T08:29:08.000000Z"}, {"uuid": "ac19adcc-0bbd-4790-9256-73a05abc75d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://t.me/thehackernews/5057", "content": "\ud83d\udea8 Alert - CISA has added a critical flaw in Oracle WebLogic Server to its KEV catalog due to active exploitation. \n \nDetails: https://thehackernews.com/2024/06/oracle-weblogic-server-os-command.html \n \nThis OS command injection vulnerability (CVE-2017-3506) could allow attackers to take control of affected servers.", "creation_timestamp": "2024-06-04T06:05:48.000000Z"}, {"uuid": "716b89ef-8f62-48f5-92c2-318d574010eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://t.me/information_security_channel/52310", "content": "CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability\nhttps://www.securityweek.com/cisa-warns-of-attacks-exploiting-old-oracle-weblogic-vulnerability/\n\nCISA has added an old Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog.\nThe post CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability (https://www.securityweek.com/cisa-warns-of-attacks-exploiting-old-oracle-weblogic-vulnerability/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2024-06-04T15:07:07.000000Z"}, {"uuid": "ffa4b201-93f0-4d3e-ba79-8395284b1c1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-3506", "type": "exploited", "source": "https://t.me/KomunitiSiber/222", "content": "8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency\nhttps://thehackernews.com/2023/05/8220-gang-exploiting-oracle-weblogic.html\n\nThe notorious cryptojacking group tracked as\u00a08220 Gang\u00a0has been spotted weaponizing a six-year-old security flaw in Oracle WebLogic servers to ensnare vulnerable instances into a botnet and distribute cryptocurrency mining malware.\nThe flaw in question is\u00a0CVE-2017-3506\u00a0(CVSS score: 7.4), which, when successfully exploited, could allow an unauthenticated attacker to execute arbitrary commands", "creation_timestamp": "2023-05-18T12:43:27.000000Z"}]}