AnsweredAssumed Answered

Attacks from Qualys IP range

Question asked by Bojan Nedeljkovic on Aug 22, 2019
Latest reply on Aug 23, 2019 by Bojan Nedeljkovic

Hi,

 

I am working for a company called Safefood360.

 

We've noticed a large number of requests coming from IP range that belongs to Qualys (64.39.99.*) and it appears that those requests are targeting exploits in Oracle WebLogic WLS-WSAT Component. Example:

URL: https://52.xxx.xxx.xxx/wls-wsat/RegistrationRequesterPortType11

 

Thankfully, we don't use this component. Do you have any idea why are we getting these requests?

 

Also, it seems that your registration form is broken (I could not tick on a box to agree on T&C, I had to enable it through Chrome dev tools).

 

Regards,

Outcomes