It was revealed that the patch to fix the deserialization vulnerability may be bypassed in the well-known web middleware WebLogic. After installation, the patch is bypassed and remote command execution attacks occur. This vulnerability brings high security risks. Oracle officially released the latest patch in a timely manner to fix the vulnerability. We recommend that you perform self-check and upgrade immediately.
See the following for more information about the vulnerability.
WebLogic deserialization vulnerability
The deserialization vulnerability in remote command execution is detected in Oracle WebLogic Server 10.3.6.0, 18.104.22.168, 22.214.171.124, and 126.96.36.199. A malicious attacker can remotely run commands by constructing malicious request packets to obtain system permissions, which brings serious security risks.
Condition and method of exploitation
- WebLogic 10.3.6.0
- WebLogic 188.8.131.52
- WebLogic 184.108.40.206
- WebLogic 220.127.116.11
- Check whether any affected version is used.
- Check whether WebLogic Port 7001 is open.
How to fix or mitigate
The vendor has released the latest patch to fix the vulnerability. We recommend that you install the latest patch immediately.
Note: The Oracle official patch requires that you have a licensed account to buy genuine software. Use your account to log on to https://support.oracle.com and download the latest patch.
Use security group policies to block the intranet and Internet inbound traffic on Port 7001.