2019 04 May 17, 360CERT detection to the Oracle in 4 December 17 release of the security Bulletin. The security Bulletin disclosed the WebLogic Server there are multiple high-risk vulnerabilities that affect multiple WebLogic components. 360CERT it is determined that the security updates for vulnerabilities affecting a wide range, the hackers make use of vulnerabilities could be remotely access the WebLogic Server permission, the recommendations of the majority of users to install WebLogic patches, so as not to suffer hacker attacks.
0x01 vulnerability rating CVE-2019-2658: serious CVE-2019-2646: serious CVE-2019-2645: high-risk CVE-2018-1258: high-risk CVE-2019-2647: high-risk CVE-2019-2648: high-risk CVE-2019-2649: high-risk CVE-2019-2650: high-risk CVE-2019-2618: - risk CVE-2019-2568: - risk CVE-2019-2615: - risk
0x02 affect the component The WLS Core Components The WLS Core Components (Spring Framework) The EJB Container WLS – Web Services
0x03 impact version Oracle WebLogic Server: 10.3.6.0.0 220.127.116.11.0 18.104.22.168.0
0x04 repair recommendations Upgrade patch If it does not rely on the T3 Protocol for the JVM communication, disable the T3 Protocol. Upgrade patch Oracle official update link address: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html Disable the T3 Protocol Enter the WebLogic console, in the base_domain configuration page, enter the Security tab page, click the filter to configure a filter. In the connection Filter, enter: weblogic. security. net. ConnectionFilterImpl, in the connection filter rules box, enter* * 7001 deny t3 t3s Save to take effect without restart
0x05 timeline 2019-04-17 Oracle official release security Bulletin 2019-04-17 360CERT warning