Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to implement the deserialization vulnerability of the Core Component of LOGY WLS. The content of the article is of high quality. Therefore, Xiaobian shares it with you as a reference. I hope that after reading this article, you will have a certain understanding of relevant knowledge.

Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments. The platform provides middleware, software aggregation and other functions. Oracle WebLogic Server is one of the application server components for both cloud and legacy environments.

Oracle officially released a Critical PatchUpdate for CPU in April, which contains a high-risk Weblogic deserialization vulnerability (CVE-2018-2628) that was bypassed due to poor patching. The vulnerability was fixed in Oracle's official July patch, which assigned vulnerability number CVE-2018-2893.

This vulnerability allows an attacker to execute code remotely without authorization. An attacker only needs to send crafted T3 protocol data to gain access to the target server. An attacker could exploit this vulnerability to control components and affect data availability, confidentiality, and integrity.

scope of influence

Oracle WebLogic Server 10.3.6.0

Oracle WebLogic Server 12.1.3.0

Oracle WebLogic Server 12.2.1.2

Oracle WebLogic Server 12.2.1.3

These are officially supported versions.

repair scheme

1. Oracle officials have fixed the vulnerability in a patch in July, and it is recommended that affected users upgrade as soon as possible.

Download address: www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

2. Choose to disable T3 protocol according to business requirements.

This vulnerability is created in the T3 service of LOGY and therefore could temporarily block attacks against this vulnerability by controlling access to the T3 protocol. T3 services are turned on by default when you open the WebLogic console port (port 7001 by default).

Specific operation:

(1) Go to the LOGY console, in the configuration page of base_domain, go to the "Security" tab page, click "Filter" to enter the connection filter configuration.

(2) Enter weblogic.security. net. ConnectionImpl in the connection filter and 127.0.0.1 * * allow t3 t3s, 0.0.0.0/0 * *deny t3 t3s in the connection filter rule (all ports of t3 and t3s protocols are only allowed local access).

(3) Restart after saving.

About how to implement the core component deserialization vulnerability of WebLogic WLS to share here, I hope the above content can be of some help to everyone, you can learn more knowledge. If you think the article is good, you can share it so that more people can see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.