Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to realize the early warning of deserialization vulnerability of WebLogic WLS Core components

2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

How to achieve WebLogic WLS core component deserialization vulnerability early warning, in view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Vulnerability / event summary

In the early morning of April 18, Beijing time, Oracle officially released a key patch update CPU (CriticalPatchUpdate) for April, which contains a high-risk Weblogic deserialization vulnerability (CVE-2018-2628) through which an attacker can remotely execute code without authorization. An attacker only needs to send carefully constructed T3 protocol data to gain privileges on the target server. An attacker can exploit this vulnerability to control components and affect the availability, confidentiality and integrity of data.

Risk level

Serious

Scope of influence

OracleWebLogicServer10.3.6.0

OracleWebLogicServer12.1.3.0

OracleWebLogicServer12.2.1.2

OracleWebLogicServer12.2.1.3

Disposal suggestion

Upgrade the Oracle201804 monthly patch

This is the answer to the question on how to realize the early warning of deserialization vulnerabilities of WebLogic WLS core components. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report