Oracle WebLogic zero-day discovered in the wild

Several applications running Oracle WebLogic were flagged by Nessus as running a vulnerable version, one that is being exploited in the wild.

Impacted Versions: WebLogic 10.X, WebLogic 12.1.3

Resolution / Workaround:
Oracle is working on a fix; the workaround below applies in the meantime.

To prevent attacks, KnownSec 404 recommends that companies either remove the vulnerable components and
restart their WebLogic servers, or put firewall rules in place to block requests to the two URL
paths exploited by the attacks (/_async/* and /wls-wsat/*).

Remove the two WAR files below from the installation, clean the server tmp directory, and bounce the JVMs.

bea-wl1213/oracle_common/modules/com.oracle.webservices.wls.bea-wls9-async-response_12.1.3.war
bea-wl1213/oracle_common/modules/com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3.war
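An added check script, not part of the original post, that reports whether the two modules above are still present under a WebLogic home and counts access-log requests to the two paths the workaround blocks. The WebLogic home path, the log file and its common-log format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a defender-side check that
# (1) reports whether the two WAR modules named in the workaround are still
# present under a WebLogic home and (2) counts access-log requests to the two
# blocked URL paths. WL_HOME, the log file and its format are assumptions.

# Hypothetical default; point it at the real installation (the bea-wl1213 tree).
WL_HOME="${WL_HOME:-/opt/bea-wl1213}"

# The two modules the workaround says to remove, relative to WL_HOME.
VULN_MODULES="oracle_common/modules/com.oracle.webservices.wls.bea-wls9-async-response_12.1.3.war
oracle_common/modules/com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3.war"

# Print each module still present under $1; exit status 1 if any remain, 0 if clean.
check_modules() {
  found=0
  for m in $VULN_MODULES; do
    if [ -f "$1/$m" ]; then
      echo "STILL PRESENT: $1/$m"
      found=1
    fi
  done
  return "$found"
}

# Count requests in access log $1 whose path starts with /_async/ or /wls-wsat/.
# Assumes common log format: ... "METHOD /path HTTP/1.x" status bytes
count_blocked_path_requests() {
  grep -Ec '"[A-Z]+ /(_async|wls-wsat)/' "$1" || true
}

# Constructed sample log: three lines, two of which hit the blocked paths.
SAMPLE_LOG='10.0.0.5 - - [21/Apr/2019:10:15:32 +0000] "POST /_async/AsyncResponseService HTTP/1.1" 202 0
10.0.0.7 - - [21/Apr/2019:10:16:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 5120
10.0.0.9 - - [21/Apr/2019:10:17:44 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 0'

# Demo: module check against WL_HOME, log check against the constructed sample.
if [ -d "$WL_HOME" ]; then
  check_modules "$WL_HOME" && echo "No vulnerable modules found under $WL_HOME"
else
  echo "WL_HOME $WL_HOME not found; set WL_HOME to the real installation"
fi
tmp_log=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$tmp_log"
echo "Requests to /_async/ or /wls-wsat/ in sample log: $(count_blocked_path_requests "$tmp_log")"
rm -f "$tmp_log"
```

Run it on each server after the bounce; a non-zero exit from check_modules means a WAR is still in place, and a growing request count in the real access log shows the firewall rule is not yet effective.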
