WebLogic Server Vulnerability

Summary

Recently, a great many enterprises had WebLogic servers attacked by hackers. Sangfor Security Team released a security alert that unpatched WebLogic servers contain high-threat vulnerability (CVE-2017-10271). As of now, more than one exploit kits are available on the Internet. 

Definition From Encyclopedia 

WebLogic Server is an application server developed by Oracle Corporation. More specifically, it is a middleware based on Java EE platform, and can be used to develop, integrate, deploy and manage large-scale distributed Web applications, web applications and database applications.

Summary

WebLogic WLS-WSAT, is the component that can be exploited the vulnerability by attackers to craft malicious data packets, in order to trigger deserialization and execute remote command. When dealing with customers’ security events caused by this vulnerability, we found that this vulnerability has been exploited by a mining program, watch-smartd.

Solution

1. Oracle has released patches to fix the vulnerability CVE-2017-10271. To patch affected versions, you may visit the following link to download the patches.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

2. For Sangfor NGAF customers, update security database to the latest version.