Using Oracle WebLogic? Put down your coffee, drop out of Discord, grab this patch right now: Vuln under attack

Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems. The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions, …

  1. Steve K

    Easier said than done...

    ….would be well-advised to read and follow Oracle's advisories

    Reading is one thing, following is another.....

    Oracle's patching advisories (at least from WebLogic/Fusion Middleware) seem to be designed to make it as difficult/opaque as possible to work out what actually needs to be done....

    (I have been patching 10.3.6 today....)


    1. Anonymous Coward

      Re: Easier said than done...

      ... and why should patching WebLogic be any easier or transparent than any of Oracle's other middleware, let alone its database products? This is _Oracle_ WebLogic, after all!

    2. Zebranky

      Re: Easier said than done...

      Indeed, The KnownSec 404 Team Announcement was actually more useful in terms of providing mitigations.

      Temporary Solution


      Find and delete wls9_async_response.war, wls-wsat.war and restart the Weblogic service


      Controls URL access for the /_async/* and /wls-wsat/* paths by access policy control.
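
A read-only check a defender could run alongside the temporary mitigation quoted in the comment above, as an added example that is not part of the thread or of any vendor advisory: it lists remaining copies of the two WAR files and flags access-log requests to the two paths. The function names, the common-log-format assumption and the sample tree and log lines are constructed for illustration.

```shell
#!/bin/sh
# Read-only audit for the temporary mitigation quoted above; nothing is deleted.

# List copies of the two WAR files named in the mitigation under directory $1.
find_wars() {
    find "$1" -type f \( -name 'wls9_async_response.war' -o -name 'wls-wsat.war' \) | sort
}

# Print lines of access log $1 that request /_async/* or /wls-wsat/*.
# Assumes common log format ("METHOD /path HTTP/x"); URL-encoded or
# case-variant paths are not normalised here.
flagged_requests() {
    grep -E '"[A-Z]+ /(_async|wls-wsat)(/|[ ?])' "$1" || true
}

# One-line summary: WAR copies still on disk, and requests to the two paths.
audit() {
    wars=$(find_wars "$1" | grep -c . || true)
    hits=$(flagged_requests "$2" | grep -c . || true)
    echo "war_files=$wars flagged_requests=$hits"
}

# Build a constructed sample tree and log under directory $1 (not real data).
make_sample() {
    mkdir -p "$1/server/lib" "$1/domain/tmp"
    : > "$1/server/lib/wls9_async_response.war"
    : > "$1/domain/tmp/wls-wsat.war"
    : > "$1/server/lib/other.war"
    cat > "$1/access.log" <<'EOF'
192.0.2.10 - - [20/Jun/2019:10:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 512
192.0.2.77 - - [20/Jun/2019:10:00:05 +0000] "POST /_async/example HTTP/1.1" 202 0
192.0.2.77 - - [20/Jun/2019:10:00:09 +0000] "POST /wls-wsat/example HTTP/1.1" 500 0
192.0.2.10 - - [20/Jun/2019:10:00:12 +0000] "GET /app/_async_report HTTP/1.1" 200 90
EOF
}

# Usage: script INSTALL_DIR ACCESS_LOG; with no arguments, run on the sample.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
else
    demo=$(mktemp -d)
    make_sample "$demo"
    audit "$demo" "$demo/access.log"
    rm -rf "$demo"
fi
```

A non-zero `war_files` count after the mitigation means a copy was missed (for example in a temporary or staging directory), and any `flagged_requests` after access controls are in place are worth reviewing.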

  2. Gary Heard

    From the company that brought you "Unbreakable" Linux

    The title says it all

  3. Alistair

    Oracle CVEs

    Does no one remember jrockit?

    /me shudders at the memory, and thanks whatever deities exist for currently *NOT* having Oracle products in his bailiwick.

