back to article Using Oracle WebLogic? Put down your coffee, drop out of Discord, grab this patch right now: Vuln under attack

Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems. The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions 10.3.6.0.0, 12.1.3.0. …

  1. Steve K

    Easier said than done...

    ….would be well-advised to read and follow Oracle's advisories

    Reading is one thing, following is another.....

    Oracle's patching advisories (at least from WebLogic/Fusion Middleware) seem to be designed to make it as difficult/opaque as possible to work out what actually needs to be done....

    (I have been patching 10.3.6 today....)

    Steve

    1. Anonymous Coward
      Anonymous Coward

      Re: Easier said than done...

      ... and why should patching WebLogic be any easier or transparent than any of Oracle's other middleware, let alone its database products? This is _Oracle_ WebLogic, after all!

    2. Zebranky

      Re: Easier said than done...

      Indeed, The KnownSec 404 Team Announcement was actually more useful in terms of providing mitigations.

      https://medium.com/@knownsec404team/knownsec-404-team-alert-again-cve-2019-2725-patch-bypassed-32a6a7b7ca15

      Temporary Solution

      Scenario-1:

      Find and delete wls9_async_response.war, wls-wsat.war and restart the Weblogic service

      Scenario-2:

      Controls URL access for the /_async/* and /wls-wsat/* paths by access policy control.

  2. Gary Heard

    From the company that brought you "Unbeakable" Linux

    The title says it all

  3. Alistair
    Windows

    Oracle CVEs

    Does no one remember jrockit?

    /me shudders at the memory, and thanks whatever deities exist for currently *NOT* having oracle products in his balliwick.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like