Security Vulnerabilities at IP
Environment Description:
OS – Oracle V 6.6 Weblogic Version – 12.2.1.0
Application Server IP : 192.168.0.132 Port : 8001
Soon after Nessus scan security vulnerabilities are detected as below for the above mentioned IP and port.
1. SSL RC4 Cipher Suites Supported (Bar Mitzvah)
2. SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
3. SSL Medium Strength Cipher Suites Supported
4. SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
This means that the cipher suites which are using the ciphers are weak and needs to be reconfigured with stronger ciphers.
Check the java version and validate the ciphers list.
Java version can be checked as below in terminal :
Now what is required is to check , whether ciphers which we will add in application server configuration is supported by java version. The below link contains more details on ciphers suites.
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
Now to add the ciphers in Oracle WebLogic Application Server follow the below steps.
Step 1 : Go to config folder (Directory structure may be different for different environments but configuration remains the same). for example my directory structure is as below :
Step 2 : it is very important to take backup of config.xml file as it is a very important file and holds all application server configuration.
Step 3 : Edit config.xml file as below
Step 4 : Save the config.xml file and restart the server.
Step 5 : Rescan the IP again either with nmap or nessus and you will find the vulnerabilities are eliminated now.
Note : I have added Advanced Encryption Securities with 128 and 256 encryption, you can more strong ciphers as per the security requirement.
Cheers..!