
Critical Oracle WebLogic Server Proxy Vulnerability Lets Attackers Compromise the Server

Oracle has disclosed a severe security vulnerability in its Fusion Middleware suite, specifically affecting the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in.

Assigned CVE-2026-21962, this flaw carries the maximum severity rating and poses an immediate threat to enterprise environments that use these proxy components.

The vulnerability stems from a defect in how the WebLogic Server Proxy Plug-ins for Apache HTTP Server and Microsoft IIS handle incoming requests. Because the flaw is located in the proxy layer, it exposes critical infrastructure to unauthenticated, remote exploitation without requiring user interaction.

Oracle WebLogic Server Proxy Vulnerability

This vulnerability is characterized by its low attack complexity and high impact. An unauthenticated attacker with network access via HTTP can exploit this flaw to bypass security controls entirely.

The issue impacts the Oracle HTTP Server and the WebLogic Server Proxy Plug-in, which are often deployed in DMZs to forward requests to backend WebLogic clusters.

According to the disclosure, the vulnerability allows for unauthorized access to critical data. Furthermore, it permits attackers to manipulate the integrity of the system, granting the ability to create, delete, or modify data accessible to the Oracle HTTP Server.

A significant aspect of this CVE is the “Scope Change” (S:C) metric in the CVSS vector. This indicates that while the vulnerability exists within the Proxy Plug-in, a successful exploit can impact resources and components beyond the plug-in itself, potentially allowing attackers to pivot into the backend WebLogic environment.

The flaw has received a CVSS 3.1 Base Score of 10.0, highlighting its critical nature. While the availability impact is listed as none in the vector, the complete loss of confidentiality and integrity renders the server effectively compromised.

Affected Versions and Components

Administrators should verify their installations immediately. The vulnerability affects the Oracle Fusion Middleware component: WebLogic Server Proxy Plug-in for Apache HTTP Server and WebLogic Server Proxy Plug-in for IIS.

The supported versions affected by this vulnerability include:

  • Oracle HTTP Server / Proxy Plug-in: Versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0.
  • WebLogic Server Proxy Plug-in for IIS: Affected only in version 12.2.1.4.0.

Given the ease of exploitation and the criticality of the data at risk, organizations are urged to immediately apply the necessary patches provided in Oracle’s Critical Patch Update (CPU).

If immediate patching is not feasible, security teams should consider restricting network access to the affected HTTP ports to trusted IP addresses only, although this may disrupt legitimate web traffic.


The post Critical Oracle WebLogic Server Proxy Vulnerability Lets Attackers Compromise the Server appeared first on Cyber Security News.

rssfeeds-admin
