
Early Warning for the Oracle WebLogic Remote Command Execution Vulnerability

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article describes the early warning issued for the Oracle WebLogic remote command execution vulnerability, with the corresponding analysis and temporary solutions, for readers who need to respond to it.

On April 17, 2019, the National Information Security Vulnerability Sharing Platform (CNVD) officially issued a security bulletin stating that the Oracle WebLogic wls9-async component has a deserialization remote command execution vulnerability, which attackers can exploit to execute commands remotely without authorization.

Knownsec (Zhidao Chuangyu) 404 Lab then started its emergency response process. After analysis, the lab reproduced the vulnerability and determined that it affects all WebLogic versions (including the latest version) that have the wls9_async_response.war and wls-wsat.war components enabled. At the time this warning was released, the vendor had still not released a corresponding patch, so this is a "0day" vulnerability.

It is worth noting that Knownsec's Chuangyu Shield monitoring found traces of scanning for the vulnerability as early as April 17. In addition, a total of 100671 historical records were retrieved from Knownsec's ZoomEye cyberspace search engine, including 30,600 in China, mainly distributed in Beijing, Guangdong, Shanghai and other provinces and cities.

Knownsec 404 Lab has issued an emergency vulnerability warning and recommends that all users of Oracle WebLogic pay attention to it and take preventive measures. It has been confirmed that Knownsec's cloud security defense product "Chuangyu Shield" can defend against this vulnerability without upgrading.

Temporary solutions:

Option 1: Find and delete wls9_async_response.war and wls-wsat.war, then restart the WebLogic service;

Option 2: Block URL access to the /_async/* and /wls-wsat/* (note) paths through access policy control;

Option 3: Deploy Chuangyu Shield.
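A log check to accompany Option 2, added here as an illustration and not taken from the original article: it flags access-log requests whose normalized path falls under /_async/ or /wls-wsat/ and marks whether the access policy denied them. The log lines and endpoint names are constructed, and treating 403/404 as "denied" is an assumption about how the policy responds.

```python
import posixpath
import re
from urllib.parse import unquote

# Path prefixes from Option 2 of the advisory.
WATCHED = ("/_async/", "/wls-wsat/")
# Assumption: the access policy answers blocked requests with 403 or 404.
DENY_STATUS = {"403", "404"}
# Common/combined log format: client ... "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) [^"]*" (\d{3})')

def canonical_path(target):
    """Reduce a request target to a lowercase, normalized path ending in '/'."""
    path = re.sub(r"^[a-z]+://[^/]*", "", target, flags=re.I)  # absolute-form URI
    path = path.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):  # second pass catches double encoding (%255f)
        path = unquote(path)
    path = re.sub(r";[^/]*", "", path)  # drop ;jsessionid-style path parameters
    path = path.replace("\\", "/").lower()
    # normpath collapses "//", "/./" and "/../"; the trailing "/" lets a bare
    # "/_async" match the "/_async/" prefix.
    return posixpath.normpath("/" + path.lstrip("/")) + "/"

def is_watched(target):
    return canonical_path(target).startswith(WATCHED)

def scan(lines):
    """Return (client, method, target, status, denied) for watched-path hits."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_watched(m.group(3)):
            client, method, target, status = m.groups()
            hits.append((client, method, target, status, status in DENY_STATUS))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Apr/2019:09:12:01 +0800] "GET /console/index.jsp HTTP/1.1" 200 3120',
    '198.51.100.7 - - [17/Apr/2019:09:12:05 +0800] "POST /_async/example HTTP/1.1" 202 0',
    '198.51.100.7 - - [17/Apr/2019:09:12:06 +0800] "GET //wls-wsat/example HTTP/1.1" 403 0',
    '203.0.113.44 - - [17/Apr/2019:09:13:40 +0800] "GET /app/..;/%5Fasync/ HTTP/1.1" 404 0',
    '203.0.113.44 - - [17/Apr/2019:09:13:41 +0800] "GET /static/wls-wsat.css HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for client, method, target, status, denied in scan(SAMPLE_LOG):
        print(f"{'denied' if denied else 'REACHED'} {status} {client} {method} {target}")
```

Any hit reported as REACHED after the policy is in place means a request got past the block and the rule needs checking against that path form.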
