Using Oracle WebLogic? Put down your coffee, drop out of Discord, grab this patch right now: Vuln under attack

Zebranky

Re: Easier said than done...

Indeed, the KnownSec 404 Team announcement was actually more useful in terms of providing mitigations.

https://medium.com/@knownsec404team/knownsec-404-team-alert-again-cve-2019-2725-patch-bypassed-32a6a7b7ca15

Temporary Solution

Scenario-1:

Find and delete wls9_async_response.war and wls-wsat.war, then restart the WebLogic service

Scenario-2:

Control URL access for the /_async/* and /wls-wsat/* paths by access policy control.
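One way to check that a Scenario-2 access policy is actually taking effect is to audit the web access log for requests to the two paths that were not refused. This is an added example, not part of the comment or the KnownSec announcement; the Common Log Format layout, the status codes counted as "refused", and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path prefixes named in the quoted mitigation (Scenario-2).
GUARDED_PREFIXES = ("/_async/", "/wls-wsat/")
# Assumption: these statuses mean the access policy refused the request.
DENIED = {401, 403, 404}

# Assumed log format (Common Log Format):
# host ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def normalise(target):
    """Drop the query string, percent-decode, collapse repeated slashes and
    lower-case, so variant spellings still compare against the prefixes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def audit(lines):
    """Split requests for guarded paths into (reachable, denied) lists."""
    reachable, denied = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = normalise(m["target"])
        # Appending "/" lets a bare "/_async" match without matching "/_asyncfoo".
        if not (path.rstrip("/") + "/").startswith(GUARDED_PREFIXES):
            continue
        hit = (m["host"], m["method"], path, int(m["status"]))
        (denied if hit[3] in DENIED else reachable).append(hit)
    return reachable, denied

# Constructed sample lines (documentation address ranges, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2019:10:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/May/2019:10:00:05 +0000] "POST /_async/Example HTTP/1.1" 202 0',
    '198.51.100.7 - - [01/May/2019:10:00:09 +0000] "POST /wls-wsat/Example HTTP/1.1" 403 0',
    '198.51.100.9 - - [01/May/2019:10:00:12 +0000] "GET /%5Fasync/Example?x=1 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    reachable, denied = audit(SAMPLE_LOG)
    for host, method, path, status in reachable:
        print(f"NOT BLOCKED: {host} {method} {path} -> {status}")
    print(f"{len(denied)} request(s) to guarded paths were refused")
```

Any entry in the reachable list after the policy is deployed means a request for a guarded path was still served, so the rule needs another look.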
