Warning for the High-Risk Vulnerabilities in Oracle WebLogic

Apr 28, 2019 GMT+08:00

I. Overview

Oracle has released its April 2019 Critical Patch Update advisory, which discloses multiple high-risk vulnerabilities in Oracle WebLogic Server, including remote code execution, arbitrary file upload, and deserialization flaws. An attacker who exploits them can remotely obtain privileges on the WebLogic server, so the risk is high.

HUAWEI CLOUD reminds tenants to check their systems and apply security hardening.

Reference link:

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

II. Severity

Severity: Important

(Severity scale: Low, Moderate, Important, Critical)

III. Vulnerability Description

CVE ID         | Affected Component                     | Severity  | Affected Versions
---------------|----------------------------------------|-----------|------------------------------------
CVE-2019-2658  | WLS Core Components                    | Moderate  | 10.3.6.0.0, 12.1.3.0.0
CVE-2019-2646  | EJB Container                          | Moderate  | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
CVE-2019-2645  | WLS Core Components                    | Important | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
CVE-2018-1258  | WLS Core Components (Spring Framework) | Important | 12.2.1.3.0
CVE-2019-2647  | WLS - Web Services                     | Important | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
CVE-2019-2648  | WLS - Web Services                     | Important | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
CVE-2019-2649  | WLS - Web Services                     | Important | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
CVE-2019-2650  | WLS - Web Services                     | Important | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
CVE-2019-2618  | WLS Core Components                    | Low       | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
CVE-2019-2568  | WLS Core Components                    | Low       | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0
CVE-2019-2615  | WLS Core Components                    | Low       | 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0

IV. Scope of Impact

Affected Products:

Oracle WebLogic Server 10.3.6.0.0

Oracle WebLogic Server 12.1.3.0.0

Oracle WebLogic Server 12.2.1.3.0

Affected Components:

WLS Core Components

WLS Core Components (Spring Framework)

EJB Container

WLS - Web Services

V. Workarounds

1. Install the latest Oracle patch (the April 2019 Critical Patch Update referenced above). This is the only complete fix; the steps below reduce exposure until it is applied.

2. If your WebLogic deployment does not depend on the T3 protocol (used for RMI and JVM-to-JVM communication, for example by WLST and thick Java clients), disable T3 with a connection filter:

a) Log in to the WebLogic Administration Console. On the base_domain configuration page, open the Security tab and click Filter.

b) In the Connection Filter field, enter weblogic.security.net.ConnectionFilterImpl.

c) In the Connection Filter Rules box, enter * * 7001 deny t3 t3s.

d) Activate the changes and restart the servers so the filter takes effect.

The rule format is "target localAddress localPort action protocols", so this rule denies T3 and T3S from any source to local port 7001 only. If managed servers or additional network channels listen on other ports, add an equivalent rule for each of them. Disabling T3 only blocks the vulnerabilities reachable over T3; issues reached over HTTP (for example in WLS - Web Services) still require the patch or a WAF rule.

3. Configure access-control rules on a Web Application Firewall (WAF) to block requests to the affected URLs.

Note: Back up your files and test thoroughly before applying any fix.