In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)06/01 Report--
What this article shares with you is an example analysis of weblogic remote code execution vulnerabilities. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.
Overview of 0x00 vulnerabilities
Today, Oracle has released quarterly patch updates. An Oracle WebLogic Server remote code execution vulnerability has been fixed that allows attackers to attack WebLogic without authentication.
360-CERT has conducted a relevant analysis of this vulnerability and believes that the impact of the vulnerability is serious; at present, the relevant PoC has been made public, and it is recommended that relevant users evaluate and upgrade as soon as possible.
0x01 vulnerability impact surface
Affect the version:
Weblogic 10.3.6.0
Weblogic 12.1.3.0
Weblogic 12.2.1.2
Weblogic 12.2.1.3
0x02 vulnerability details
The vulnerability is a vulnerability in the Oracle WebLogic Server component of Oracle fusion middleware (sub-component: WLS core component).
The vulnerable weblogic service allows unauthenticated attackers to access and compromise Oracle WebLogic Server over the T3 network. Successful exploitation of this vulnerability could cause an attacker to take over Oracle WebLogic Server, resulting in remote code execution.
The relevant PoC has been made public, and vulnerability verification is shown below:
Scope of influence:
Through the search of QUAKE assets system, there are as many as 11125 weblogic services exposed on the Internet worldwide and 2690 in China.
0x03 repair recommendation
This vulnerability has been fixed in the security patch released by Oracle today, and affected users are strongly advised to upgrade and update as soon as possible.
Users can download the official Oracle patch at https://support.oracle.com by using the licensed account of the genuine software.
The above is an example analysis of weblogic remote code execution vulnerabilities, and the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
