Reply to post: Re: Easier said than done...

Using Oracle WebLogic? Put down your coffee, drop out of Discord, grab this patch right now: Vuln under attack


Re: Easier said than done...

Indeed, The KnownSec 404 Team Announcement was actually more useful in terms of providing mitigations.

Temporary Solution


Find and delete wls9_async_response.war, wls-wsat.war and restart the Weblogic service


Controls URL access for the /_async/* and /wls-wsat/* paths by access policy control.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021