edit-icon download-icon

[Vulnerability notice] CVE-2017-3248: Deserialization vulnerability in WebLogic

Last Updated: Apr 08, 2018

It was revealed that the patch to fix the deserialization vulnerability may be bypassed in the well-known web middleware WebLogic. After installation, the patch is bypassed and remote command execution attacks occur. This vulnerability brings high security risks. Oracle officially released the latest patch in a timely manner to fix the vulnerability. We recommend that you perform self-check and upgrade immediately.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-3248

Vulnerability name

WebLogic deserialization vulnerability

Vulnerability rating

High

Vulnerability description

The deserialization vulnerability in remote command execution is detected in Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1. A malicious attacker can remotely run commands by constructing malicious request packets to obtain system permissions, which brings serious security risks.

Condition and method of exploitation

Remote exploitation

Affected scope

  • WebLogic 10.3.6.0
  • WebLogic 12.1.3.0
  • WebLogic 12.2.1.0
  • WebLogic 12.2.1.1

Vulnerability detection

  • Check whether any affected version is used.
  • Check whether WebLogic Port 7001 is open.

How to fix or mitigate

  • The vendor has released the latest patch to fix the vulnerability. We recommend that you install the latest patch immediately.

    Note: The Oracle official patch requires that you have a licensed account to buy genuine software. Use your account to log on to https://support.oracle.com and download the latest patch.

  • Use security group policies to block the intranet and Internet inbound traffic on Port 7001.

Reference

[1]. http://www.securityfocus.com/bid/95465
[2]. http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixFMW

Thank you! We've received your feedback.