2025-03-26 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article shows how to test for and repair the WebLogic WLS component RCE vulnerability CVE-2017-10271.
The first step is to build a Python environment
1. First visit http://www.python.org/download/ to download the Windows version of Python. Version 2.7.14 is used here.
2. Download the Python 2.7 installation package.
3. Install Python
Click Next
Click Next; note the install path "C:\Python27\" here, because it is needed later when configuring the system environment variables.
Click "Next"
Wait for the installation to complete
Click Finish to complete the installation
4. Configure the Python environment variable: add "C:\Python27\" to the PATH variable
5. To test whether Python is installed successfully, open cmd and enter python
Execute the python command: print 'Hello Worldwide'
The Python environment is configured.
The second step is to use tools to test the vulnerability
1. First, visit https://github.com/, log in to the code hosting platform GitHub, and search for the keyword "CVE-2017-10271".
2. Download the hanc00l/weblogic_wls_wsat_rce project and extract it to drive F: (you can test the Linux version)
3. View the contents of the README
weblogic_wls_wsat_rce
Exploit script for the Weblogic wls-wsat component deserialization vulnerability (CVE-2017-10271), modified from https://github.com/s3xy/CVE-2017-10271.
Command execution and echo
Upload shell directly
Tested OK with weblogic 10.3.6.0 under linux
Usage and parameters
python weblogic_wls_wsat_exp.py -t 172.16.80.131:7001
usage: weblogic_wls_wsat_exp.py [-h] -t TARGET [-c CMD] [-o OUTPUT] [-s SHELL]
optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        weblogic ip and port(eg -> 172.16.80.131:7001)
  -c CMD, --cmd CMD     command to execute,default is "id"
  -o OUTPUT, --output OUTPUT
                        output file name,default is output.txt
  -s SHELL, --shell SHELL
                        local jsp file name to upload,and set -o xxx.jsp
4. Execute command test: python weblogic_wls_wsat_exp.py -t targetip:port
F:\weblogic_wls_wsat_rce-master>python weblogic_wls_wsat_exp.py -t 10.6.3.240:7002 -c ls
Traceback (most recent call last):
  File "F:\CVE-2017-10271-master\weblogic_wls_wsat_exp.py", line 3, in <module>
    import requests
ImportError: No module named requests
According to the error message, the requests module needs to be installed. Use the easy_install tool to install it: C:\Python27\Scripts\easy_install.exe requests
F:\weblogic_wls_wsat_rce-master>C:\Python27\Scripts\easy_install.exe requests
Searching for requests
Reading https://pypi.python.org/simple/requests/
Downloading https://pypi.python.org/packages/b0/e1/eab4fc3752e3d240468a8c0b284607899d2fbfb236a56b7377a329aa8d09/requests-2.18.4.tar.gz#md5=081412b2ef79bdc48229891af13f4d82
Best match: requests 2.18.4
Processing requests-2.18.4.tar.gz
Writing
……
Installing chardetect-script.py script to c:\python27\Scripts
Installing chardetect.exe script to c:\python27\Scripts
Installing chardetect.exe.manifest script to c:\python27\Scripts
Installed c:\python27\lib\site-packages\chardet-3.0.4-py2.7.egg
Finished processing dependencies for requests
Execute the command again
F:\weblogic_wls_wsat_rce-master>python weblogic_wls_wsat_exp.py -t 10.6.3.240:7002 -c ls
Autodeploy
Bin
Config
Console-ext
Dev=null
Obviously, the command was executed successfully.
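On the defending side, a test like the one in this step shows up in the WebLogic HTTP access log as requests to the wls-wsat web application. The following is an added example, not from the original article or the hanc00l project: it assumes access logs in Common Log Format and the /wls-wsat/ context path, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [26/Dec/2017:10:01:12 +0800] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3102
203.0.113.45 - - [26/Dec/2017:10:02:40 +0800] "GET /wls-wsat/CoordinatorPortType HTTP/1.1" 200 1044
203.0.113.45 - - [26/Dec/2017:10:02:43 +0800] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1230
203.0.113.45 - - [26/Dec/2017:10:02:51 +0800] "POST /%77ls-wsat//CoordinatorPortType HTTP/1.1" 500 1230
198.51.100.7 - - [26/Dec/2017:10:03:05 +0800] "POST /app/orders HTTP/1.1" 200 512
this line is not an access log entry
"""

# client ident user [timestamp] "METHOD path proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')


def normalise(path):
    """Reduce a request path to a comparable form before matching."""
    path = unquote(path.split("?", 1)[0])   # drop query string, decode %xx
    path = re.sub(r"/{2,}", "/", path)      # collapse repeated slashes
    return path.lower()


def wsat_hits(log_text, prefix="/wls-wsat/"):
    """Return {client: {"requests": n, "posts": n, "paths": set}} for wls-wsat traffic."""
    hits = {}
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not CLF entries
        client, _ts, method, raw_path, _status, _size = m.groups()
        path = normalise(raw_path)
        # Append "/" so a bare "/wls-wsat" also matches the prefix.
        if not (path + "/").startswith(prefix):
            continue
        entry = hits.setdefault(client, {"requests": 0, "posts": 0, "paths": set()})
        entry["requests"] += 1
        entry["posts"] += int(method.upper() == "POST")
        entry["paths"].add(path)
    return hits


if __name__ == "__main__":
    for client, info in wsat_hits(SAMPLE_LOG).items():
        print(client, info["requests"], "requests,", info["posts"], "POST:",
              ", ".join(sorted(info["paths"])))
```

Any client reported here that is not one of your own transaction coordinators deserves a closer look, and servers that received POSTs before the patch in the next step was applied should be reviewed.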
Third, update the patch to fix the vulnerability.
1. Search on https://support.oracle.com with the keyword CVE-2017-10271 to find the October 2017 patch file and download it. [p26519424_1036_Generic.zip]
2. Perform the patching operations (note: paths differ between environments; the ones shown are from this article's environment)
cams@SCT-APP:~> cd /home/cams/bea/middleware/wlserver_10.3/server/bin/
cams@SCT-APP:~/bea/middleware/wlserver_10.3/server/bin> ls
international setWLSEnv.sh startNodeManager.sh
cams@SCT-APP:~/bea/middleware/wlserver_10.3/server/bin> . ./setWLSEnv.sh
CLASSPATH=/home/cams/bea/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/cams/bea/middleware/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/java/jdk1.6.0_45/lib/tools.jar:/home/cams/bea/middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/cams/bea/middleware/wlserver_10.3/server/lib/weblogic.jar:/home/cams/bea/middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/home/cams/bea/middleware/wlserver_10.3/server/lib/webservices.jar:/home/cams/bea/middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/cams/bea/middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:.:/usr/java/jdk1.6.0_45/lib/dt.jar:/usr/java/jdk1.6.0_45/lib/tools.jar
PATH=/home/cams/bea/middleware/wlserver_10.3/server/bin:/home/cams/bea/middleware/modules/org.apache.ant_1.7.1/bin:/usr/java/jdk1.6.0_45/jre/bin:/usr/java/jdk1.6.0_45/bin:/usr/java/jdk1.6.0_45/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:
Your environment has been set.
cams@SCT-APP:~/bea/middleware/wlserver_10.3/server/bin> java weblogic.version
WebLogic Server Temporary Patch for BUG22248372 Tue Nov 24 00:35:04 MST 2015
WebLogic Server 10.3.6.0.12 PSU Patch for BUG20780171 THU JUN 18 15:54:42 IST 2015
WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050
Use 'weblogic.version -verbose' to get subsystem information
Use 'weblogic.utils.Versions' to get version information for all modules
cams@SCT-APP:~/bea/middleware/wlserver_10.3/server/bin> cd /home/cams/bea/middleware/utils/bsu
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -status=applied -verbose -view
ProductName: WebLogic Server
ProductVersion: 10.3 MP6
Components: WebLogic Server/Core Application Server,WebLogic Server/Administration Console,WebLogic Server/Configuration Wizard and Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Server,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic Server/WebLogic Server Clients,WebLogic Server/WebLogic Web Server Plugins,WebLogic Server/UDDI and Xquery Support,WebLogic Server/Evaluation Database,WebLogic Server/Workshop Code Completion Support
BEAHome: /home/cams/bea/middleware
ProductHome: /home/cams/bea/middleware/wlserver_10.3
PatchSystemDir: /home/cams/bea/middleware/utils/bsu
PatchDir: /home/cams/bea/middleware/patch_wls1036
Profile: Default
DownloadDir: /home/cams/bea/middleware/utils/bsu/cache_dir
JavaVersion: 1.6.0_29
JavaVendor: Sun
Patch ID: EJUW
PatchContainer: EJUW.jar
Checksum: 1554039558
Severity: optional
Category: General
CR/BUG: 20780171
Restart: true
Description: WLS PATCH SET UPDATE 10.3.6.0.12
WLS PATCH SET UPDATE 10.3.6.0.12
Patch ID: ZLNA
PatchContainer: ZLNA.jar
Checksum: -894774340
Severity: optional
Category: Security
CR/BUG: 22248372
Restart: true
Description: WEBLOGIC SERVER CVE-2015-4852 SECURITY ALERT PATCH (NOV 2015)
WEBLOGIC SERVER CVE-2015-4852 SECURITY ALERT PATCH (NOV 2015)
Upload p26519424_1036_Generic.zip to the DownloadDir path (/home/cams/bea/middleware/utils/bsu/cache_dir) and unzip it
cams@SCT-APP:~/bea/middleware/utils/bsu> cd cache_dir/
cams@SCT-APP:~/bea/middleware/utils/bsu/cache_dir> unzip p26519424_1036_Generic.zip
Archive: p26519424_1036_Generic.zip
extracting: FMJJ.jar
inflating: patch-catalog_25504.xml
replace README.txt? [y]es, [n]o, [A]ll, [N]one, [r]ename: r
new name: README2.txt
inflating: README2.txt
If you don't know how to patch, refer to the article http://blog.itpub.net/31394774/viewspace-2142526/
cams@SCT-APP:~/bea/middleware/utils/bsu/cache_dir> cd ../
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -install -patch_download_dir=/home/cams/bea/middleware/utils/bsu/cache_dir/ -patchlist=FMJJ -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
Check for conflicts.
Conflict detected - resolve the conflict situation and re-perform the patch installation
Here are the details of the conflict situation:
Patch FMJJ and the following patch are mutually exclusive and cannot coexist: EJUW,ZLNA
At this point, the EJUW and ZLNA patches must be uninstalled with the -remove option.
[Note: uninstall ZLNA first, then uninstall EJUW]
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -remove -patchlist=EJUW -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
Check for conflicts.
Conflict detected - resolve the conflict situation and re-execute the patch removal process
Here are the details of the conflict situation:
You must remove the following patch before you can remove the selected patch: ZLNA
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -remove -patchlist=ZLNA -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
Check for conflicts.
No conflict detected
Start removing patch ID: ZLNA
Restore /home/cams/bea/middleware/wlserver_10.3/server/lib/wlthint3client.jar from /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
Delete /home/cams/bea/middleware/patch_wls1036/patch_jars/BUG22248372_1036.jar
Update /home/cams/bea/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar
Old list value: Class-Path=../patch_jars/BUG22248372_1036.jar ../patch_jars/BUG20780171_1036012.jar ../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../patch_jars/glassfish.jaxp_1.4.5.0.jar ../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
New inventory value: Class-Path=../patch_jars/BUG22248372_1036.jar ../patch_jars/BUG20780171_1036012.jar ../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../patch_jars/glassfish.jaxp_1.4.5.0.jar ../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
Result: success
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -remove -patchlist=EJUW -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
Check for conflicts.
No conflict detected
Start removing patch ID: EJUW
Update /home/cams/bea/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar
Old list value: Class-Path=../patch_jars/BUG20780171_1036012.jar ../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../patch_jars/glassfish.jaxp_1.4.5.0.jar ../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
New inventory value: Class-Path=
Result: success
Install the FMJJ patch again
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -install -patch_download_dir=/home/cams/bea/middleware/utils/bsu/cache_dir/ -patchlist=FMJJ -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
Check for conflicts.
No conflict detected
Start installing patch ID: FMJJ
Install /home/cams/bea/middleware/utils/bsu/cache_dir/FMJJ.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/BUG26519424_10360171017.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxp_1.4.5.0.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxws.rt_1.4.0.0_2-1-5.jar
Decompress /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxws.saaj.impl_1.0.0.0_2-1-5.jar
Update /home/cams/bea/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar
Old inventory value: Class-Path=
New inventory value: Class-Path=../patch_jars/BUG26519424_10360171017.jar ../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../patch_jars/glassfish.jaxp_1.4.5.0.jar ../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar ../patch_jars/glassfish.jaxws.rt_1.4.0.0_2-1-5.jar ../patch_jars/glassfish.jaxws.saaj.impl_1.0.0.0_2-1-5.jar
Decompress / home/cams/bea/middleware/wlserver_10.3/server/lib/wlsaft3client.jar43891.tmp
Merge / home/cams/bea/middleware/wlserver_10.3/server/lib/wlsaft3client.jar43891.tmp with / home/cams/bea/middleware/wlserver_10.3/server/lib/wlsaft3client.jar
Decompress / home/cams/bea/middleware/modules/ws.databinding.plugins_1.3.0.0.jar16566.tmp
Merge / home/cams/bea/middleware/modules/ws.databinding.plugins_1.3.0.0.jar16566.tmp with / home/cams/bea/middleware/modules/ws.databinding.plugins_1.3.0.0.jar
Decompress / home/cams/bea/middleware/modules/com.oracle.core.weblogic.msgcat_1.2.0.0.jar32086.tmp
Merge / home/cams/bea/middleware/modules/com.oracle.core.weblogic.msgcat_1.2.0.0.jar32086.tmp with / home/cams/bea/middleware/modules/com.oracle.core.weblogic.msgcat_1.2.0.0.jar
Decompress / home/cams/bea/middleware/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar34414.tmp
Merge / home/cams/bea/middleware/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar34414.tmp with / home/cams/bea/middleware/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar
Decompress / home/cams/bea/middleware/modules/com.bea.core.descriptor_1.10.0.0.jar20553.tmp
Merge / home/cams/bea/middleware/modules/com.bea.core.descriptor_1.10.0.0.jar20553.tmp with / home/cams/bea/middleware/modules/com.bea.core.descriptor_1.10.0.0.jar
Decompress / home/cams/bea/middleware/wlserver_10.3/server/lib/wljmsclient.jar52216.tmp
Merge / home/cams/bea/middleware/wlserver_10.3/server/lib/wljmsclient.jar52216.tmp with / home/cams/bea/middleware/wlserver_10.3/server/lib/wljmsclient.jar
Decompress / home/cams/bea/middleware/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar55023.tmp
Merge / home/cams/bea/middleware/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar55023.tmp with / home/cams/bea/middleware/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar
Decompress / home/cams/bea/middleware/modules/com.bea.core.weblogic.stax_1.11.0.0.jar45419.tmp
Update / home/cams/bea/middleware/modules/com.bea.core.weblogic.stax_1.11.0.0.jar45419.tmp to / home/cams/bea/middleware/modules/com.bea.core.weblogic.stax_1.11.0.0.jar
Result: success
3. View the latest patch information
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -status=applied -verbose -view
ProductName: WebLogic Server
ProductVersion: 10.3 MP6
Components: WebLogic Server/Core Application Server,WebLogic Server/Admi
            nistration Console,WebLogic Server/Configuration Wizard and
            Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
            r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
            Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
            erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
            erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
            ic Server/Evaluation Database,WebLogic Server/Workshop Code
            Completion Support
BEAHome: /home/cams/bea/middleware
ProductHome: /home/cams/bea/middleware/wlserver_10.3
PatchSystemDir: /home/cams/bea/middleware/utils/bsu
PatchDir: /home/cams/bea/middleware/patch_wls1036
Profile: Default
DownloadDir: /home/cams/bea/middleware/utils/bsu/cache_dir
JavaVersion: 1.6.0_29
JavaVendor: Sun
Patch ID: FMJJ
PatchContainer: FMJJ.jar
Checksum: 591477727
Severity: optional
Category: General
CR/BUG: 26519424
Restart: true
Description: WLS PATCH SET UPDATE 10.3.6.0.171017
             WLS PATCH SET UPDATE 10
             .3.6.0.171017
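To make this check repeatable across several servers, the `-view` output can be parsed instead of read by eye. The following Python 3 script is an added example, not part of the original article or of Oracle's tooling: it rejoins the wrapped values seen above and reports whether an applied patch set update is at least the one shown here. The sample text is constructed from the output above, the function names are hypothetical, and reading the trailing six digits as a YYMMDD date is an assumption.

```python
import re

# Constructed sample modeled on the `bsu.sh -view` output above. Long values
# wrap at a fixed width onto indented lines that carry no "Key:" prefix.
SAMPLE_BSU_VIEW = """\
ProductName:       WebLogic Server
ProductVersion:    10.3 MP6
Components:        WebLogic Server/Core Application Server,WebLogic Server/Admi
                   nistration Console
JavaVersion:       1.6.0_29

Patch ID:          FMJJ
PatchContainer:    FMJJ.jar
CR/BUG:            26519424
Restart:           true
Description:       WLS PATCH SET UPDATE 10.3.6.0.171017
"""

KEY_LINE = re.compile(r"^([A-Za-z][A-Za-z/ ]*?):\s*(.*)$")
PSU = re.compile(r"WLS PATCH SET UPDATE (\d+(?:\.\d+){3})\.(\d{6})")

def parse_bsu_view(text):
    """Split bsu -view text into (product_fields, [patch_fields, ...])."""
    product, patches = {}, []
    current, last_key = product, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = KEY_LINE.match(raw)
        if m and not raw[0].isspace():
            key, value = m.groups()
            if key == "Patch ID":        # every "Patch ID" opens a new patch record
                current = {}
                patches.append(current)
            current[key] = value
            last_key = key
        elif last_key:                   # wrapped line: glue on with no separator
            current[last_key] += raw.lstrip()
    return product, patches

def psu_applied(text, minimum="171017"):
    """Return (patch_id, psu_version) if an applied patch set update is dated
    at or after `minimum` (assumed YYMMDD, the suffix shown on this page), else None."""
    _, patches = parse_bsu_view(text)
    for patch in patches:
        m = PSU.search(patch.get("Description", ""))
        if m and m.group(2) >= minimum:
            return patch["Patch ID"], f"{m.group(1)}.{m.group(2)}"
    return None

if __name__ == "__main__":
    print(psu_applied(SAMPLE_BSU_VIEW))
```

A result of `None` means no patch set update at or above that level was found in the output, so the server should be treated as unpatched until checked by hand.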
The fourth step is to use tools to retest vulnerabilities
1. Start a weblogic domain
cams@SCT-APP:~/bea/middleware/utils/bsu> cd /home/cams/bea/middleware/user_projects/domains/cams_wf/
cams@SCT-APP:~/bea/middleware/user_projects/domains/cams_wf> nohup ./startWebLogic.sh > /dev/null 2>&1 &
[1] 17849
cams@SCT-APP:~/bea/middleware/user_projects/domains/cams_wf> netstat -nlp | grep 7006
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp 0 0 10.6.3.226:7006 0.0.0.0:* LISTEN 17902/java
tcp 0 0 127.0.0.1:7006 0.0.0.0:* LISTEN 17902/java
2. Test the RCE vulnerability
F:\weblogic_wls_wsat_rce-master> python weblogic_wls_wsat_exp.py -t 10.6.3.226:7006 -c ls
[-] FAIL:404 no output
The test returns "FAIL:404 no output", which makes it clear that the vulnerability has been fixed.
3. Finally, because the earlier steps uninstalled the patch for the deserialization vulnerability, you also need to test whether the "Java deserialization vulnerability" is present. After testing, the deserialization vulnerabilities have also been fixed. (The specific testing tools can also be downloaded from GitHub.)