WebLogic Server Vulnerability
- Date Published: 2017-12-22
- Last Updated: 2018-01-03
- Version Affected: Oracle WebLogic Server 10.3.5.0, Oracle WebLogic Server 10.3.6.0, Oracle WebLogic Server 18.104.22.168, Oracle WebLogic Server 22.214.171.124, Oracle WebLogic Server 126.96.36.199
- CVE: CVE-2017-10271
Recently, a great many enterprises have had WebLogic servers attacked by hackers. Sangfor Security Team has released a security alert that unpatched WebLogic servers contain a high-threat vulnerability (CVE-2017-10271). As of now, more than one exploit kit is available on the Internet.
Definition From Encyclopedia
WebLogic Server is an application server developed by Oracle Corporation. More specifically, it is middleware based on the Java EE platform, and can be used to develop, integrate, deploy and manage large-scale distributed Web applications and database applications.
WLS-WSAT is the WebLogic component through which the vulnerability can be exploited: attackers craft malicious data packets that trigger deserialization and execute remote commands. When dealing with customers' security events caused by this vulnerability, we found that it has been exploited by a mining program, watch-smartd.
1. Oracle has released patches to fix the vulnerability CVE-2017-10271. To patch affected versions, you may visit the following link to download the patches.
2. For Sangfor NGAF customers, update the security database to the latest version.
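While patching is being scheduled, a server can be triaged for the two signs described above: requests reaching the WLS-WSAT component and a running watch-smartd process. The following is an added example, not part of the original advisory; it assumes WLS-WSAT is served under the `/wls-wsat/` context path and that the HTTP access log uses the common/combined log format, and all sample data is constructed.

```python
import re

# Assumptions (not from the advisory): WLS-WSAT is served under the /wls-wsat/
# context path, and the access log uses the common/combined log format.
WSAT_PREFIX = "/wls-wsat/"
MINER_NAME = "watch-smartd"  # mining program named in the advisory

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_wsat_requests(lines):
    """Return (ip, timestamp, method, path, status) for each WLS-WSAT request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        # Conservative match: ignore the query string and letter case.
        path = m["path"].split("?", 1)[0].lower()
        if path.startswith(WSAT_PREFIX):
            hits.append((m["ip"], m["ts"], m["method"], m["path"], int(m["status"])))
    return hits

def find_miner_processes(ps_lines):
    """Return (pid, command) for process rows whose command names the miner."""
    found = []
    for row in ps_lines:
        parts = row.split(None, 1)
        if len(parts) == 2 and parts[0].isdigit() and MINER_NAME in parts[1]:
            found.append((int(parts[0]), parts[1].strip()))
    return found

# Constructed sample data (documentation IP ranges), not from a real incident.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Dec/2017:10:01:02 +0800] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3411',
    '203.0.113.7 - - [22/Dec/2017:10:03:44 +0800] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1208',
    '203.0.113.7 - - [22/Dec/2017:10:03:51 +0800] "GET /WLS-WSAT/CoordinatorPortType?x=1 HTTP/1.1" 200 512',
    'malformed line',
]
SAMPLE_PS = ["  PID COMMAND", "  812 /usr/sbin/sshd -D", " 4471 ./watch-smartd"]  # `ps -eo pid,args` shape

if __name__ == "__main__":
    for hit in find_wsat_requests(SAMPLE_LOG):
        print("WLS-WSAT request:", hit)
    for pid, cmd in find_miner_processes(SAMPLE_PS):
        print("suspected miner process:", pid, cmd)
```

A hit in either list is a reason to investigate the host, not proof of compromise; legitimate clients of WLS-WSAT produce the same log entries.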