2025-01-18 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article explains how to address the Oracle Coherence deserialization remote code execution vulnerability.
0x00 vulnerability background
On March 6, 2020, 360CERT observed that details of the Oracle Coherence deserialization remote code execution vulnerability (CVE-2020-2555) had been made public.
Oracle Coherence is an Oracle Fusion Middleware product. In WebLogic 12c and above it is integrated into the WebLogic installation package by default.
T3 is a protocol used to transfer information between WebLogic servers and other types of Java programs.
0x01 risk rating
360CERT's assessment of the vulnerability:
Threat level: high risk
Impact area: general
It is recommended that WebLogic users disable the T3 protocol to avoid malicious attacks.
0x02 affected versions
Oracle Coherence 3.7.1.17
Oracle Coherence 12.1.3.0.0
Oracle Coherence 12.2.1.3.0
Oracle Coherence 12.2.1.4.0
0x03 repair recommendation
Apply the patch: refer to the patch released on Oracle's official website, https://www.oracle.com/security-alerts/cpujan2020.html. If you do not rely on the T3 protocol for JVM communication, disable the T3 protocol.
To do so, open the WebLogic console, go to the base_domain configuration page, open the Security tab, click Filter, and configure the filter. In the connection filter field enter: weblogic.security.net.ConnectionFilterImpl. In the connection filter rules box enter: 7001 deny T3 T3. Save the change (a restart is required).
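After the restart it is worth confirming that the listener no longer negotiates T3. The following check is an added example, not part of the original advisory. It assumes a server you administer listening on port 7001 and relies on the usual behaviour that a WebLogic listener accepting T3 answers the client greeting with a line beginning HELO:. The function names and the version string in the greeting are constructed for illustration.

```python
import socket

# T3 client greeting; the version string is a constructed sample value.
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"


def classify_t3_reply(reply: bytes) -> str:
    """Classify the first bytes a listener returns after a T3 greeting."""
    if reply.startswith(b"HELO:"):
        return "t3-accepted"   # T3 was negotiated: the filter is not in effect
    if not reply:
        return "closed"        # connection dropped without any T3 answer
    return "rejected"          # any other answer (error text, HTTP, ...)


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> str:
    """Send one T3 greeting to a server you administer and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(T3_HELLO)
            try:
                reply = s.recv(1024)
            except OSError:    # timeout or reset while waiting for the answer
                reply = b""
    except OSError:            # could not connect at all
        return "unreachable"
    return classify_t3_reply(reply)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_t3(target))
```

A result of t3-accepted after the change means the filter rule did not take effect on that listener. Run the check from a network position the rule is meant to block.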
0x04 product-side solutions
360 city-level network security monitoring service
The Security Brain's QUAKE asset mapping platform monitors such vulnerabilities and events using asset mapping technology. Users can contact the relevant regional product representative to obtain the corresponding product.
360AISA full-traffic threat analysis system
Using models trained on big data and practical operational experience, 360AISA performs full-traffic threat detection to provide accurate real-time attack alerts and reconstruct the attack chain.
At present, the product has the ability to detect this vulnerability / attack in real time.