Hello and welcome to the Wednesday, April 19th, 2020,

3 edition of the Sandinert Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Augusta, Georgia.

Well, today I got to write about a little bit an old vulnerability and an old feature.

UDDIs, UDDIs back in the day were supposed to basically organize little bit an old vulnerability and an old feature. UDDIs.

back in the day, we're supposed to basically organize enterprise web services have since

been kind of forgotten. Don't think anybody sort of really uses them much anymore, but there

are still some vulnerabilities out there that occasionally get the interest

of attackers. The one that I observed sort of having increased the last day or so was CVE 2014

4-210. This is Weblogic server--side request for jury vulnerability. The feature itself is linked to

the UDDI Explorer in WebLogic and essentially allows you to connect from the WebLogic server to

arbitrary URIs via the operator parameter.

Interesting kind of vulnerability.

I doubt it's really that fruitful, interesting that it offers such and sort of has this

search in activity.

We've seen sort of little blips over the last few months with hits against this vulnerability,

but nothing compared to what we saw yesterday,

which was something like close to 1,500 hits for this vulnerability

that usually gets nothing,

and every month or so we may get like five or so hits.

Normally, WebLogic listens on Port 7,001. And the latest search of activity

came from what looks like a Chinese ADSL IP address. And the number of government agency,

...