p32052267_1036_Generic.zip
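The more significant vulnerabilities are as follows:
1. CVE-2021-1994
An unauthenticated attacker with HTTP access can compromise Oracle WebLogic Server. An attacker who successfully exploits this vulnerability can take over WebLogic Server.
2. CVE-2021-2047, CVE-2021-2064, CVE-2021-2108, CVE-2021-2075
An unauthenticated attacker can attack vulnerable WebLogic Server components over the IIOP and T3 protocols. An attacker who successfully exploits these vulnerabilities can take over WebLogic Server.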
2021-01-27
p32300397_122130_Generic.zip
Oracle has released the January 2020 Critical Patch Update (CPU), which fixes multiple vulnerabilities in WebLogic, including CVE-2021-1994, CVE-2021-2047, CVE-2021-2064, CVE-2021-2108, CVE-2021-2075, CVE-2021-2066, CVE-2021-2067, CVE-2021-2068, CVE-2021-2069 and CVE-2021-2109.
2021-01-27
p32097173_12213201001_Generic.zip
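Fixes the CVE-2020-14750 vulnerability
On November 3, 2020, 360CERT observed that Oracle had published a risk advisory for a WebLogic authentication bypass vulnerability, tracked as CVE-2020-14750. Severity: critical; vulnerability score: 9.8.
The vulnerability was reported by a 360CERT security researcher and is a bypass of the patch for CVE-2020-14882. A remote attacker can craft a special HTTP request to take over the WebLogic Server Console without authentication and thereby execute arbitrary code.
360CERT therefore recommends that users promptly upgrade WebLogic to the latest version. In the meantime, carry out an asset self-check and take preventive measures to avoid being attacked.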
2020-12-02
p30463097_1036_Generic.zip
This README provides information about how to apply Oracle WebLogic Server
Patch Set Update 10.3.6.0.200114. It also provides information about reverting to
the original version.
Released: JAN, 2020
Oracle recommends that you see following key notes
--------------------------------------------------
- My Oracle Support NOTE: 1306505.1 Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1306505.1
- My Oracle Support NOTE: 1470197.1 Master Note on WebLogic Server Patch Set Updates (PSUs)
https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1470197.1
- Beginning January 2019, WLS 10.3.6 is under Extended Support. It is recommended that you upgrade to 12c R2.
Only customers who have contracted for Extended Support are entitled to download and use PSUs created for a product in Extended Support
https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=2067900.1
- Download the Error Correction Policy document and see "4.2 Policies – Critical Patch Update Program".
https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=209768.1
- It is required to use Java SE 7 with WLS 10.3.6 as Java SE 6 has reached the end of Extended Support.
https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=952075.1
Smart Update Details of Oracle WebLogic Server Patch Set Update 10.3.6.0.200114
-------------------------------------------------------------------------------
2020-03-10
p29814665_122130_Generic.zip
WebLogic 12.2.1.3 patch p29814665_122130
This patch set fixes the following newly added security vulnerabilities:
29585099 THE BACKPORT OF 27057023 CONTAINS AN ERROR
23071867 AGL DS XA AFFINITY NOT HONORED IN SOME TX LOCAL RESOURCE ASSIGNMENT SCENARIOS
29448643 JAVA.IO.INVALIDCLASSEXCEPTION: FILTER STATUS: REJECTED
29671623 CVE-2019-2725
26403575 CVE-2016-7103
29667975 CVE-2019-2824
29726561 CVE-2019-2729
29701537 CVE-2019-2827
1.2 Oracle WebLogic 12.1.3.0.190716
This patch set fixes the following newly added security vulnerabilities:
29667975: CVE-2019-2824
29671623: CVE-2019-2725
26403575: CVE-2016-7103
29701537: CVE-2019-2827
29870012: WLDATASOURCE.GETCONNECTIONTOINSTANCE(STRING INSTANCE) CAN FAIL IF NO CONNECTIONS TO INSTANCE HAVE BEEN PROCESSED
29448643: JAVA.IO.INVALIDCLASSEXCEPTION: FILTER STATUS: REJECTED
29312272: WSDL ERROR MUST ATTRIBUTE 'NAME' NOTFOUND IN ELEMENT 'BINDING
23071867: AGL DS XA AFFINITY NOT HONORED IN SOME TX LOCAL RESOURCE ASSIGNMENT SCENARIOS
29726561: CVE-2019-2729
1.3 Oracle WebLogic 12.2.1.3.190522
This patch set fixes the following newly added security vulnerabilities:
25369207: JAVA.LANG.OUTOFMEMORY ERROR HAPPENS WHEN INITIALIZING AN APPLICATION
29338121: CVE-2019-2799
29448643: JAVA.IO.INVALIDCLASSEXCEPTION: FILTER STATUS: REJECTED
29312272: WSDL ERROR MUST ATTRIBUTE 'NAME' NOTFOUND IN ELEMENT 'BINDING
26987594: ALLOW SUPRESSING CROSS COMPONENT WIRING PROCESSING DURING PROVISIONING
27010571: <INCOMING MESSAGE HEADER OR ABBREVIATION PROCESSING FAILED
26075541: .APPMERGEGEN_$DIGIT DIR REMAIN EVERY TIME BY DEPLOYING A EAR ON WLS 12.2.1
27823500: REGRESSION BUG WHICH INTRODUCED BY THE BUG FIXING OF 27678101
27248932: TRACKING BUG FOR 26941603 FOR WLS
25294832: WLS 12.2.1.2 DEPLOYMENT ERRORSMETHOD _JSPSERVICE EXCEEDS 65535 BYTES LIMIT
26131085: IMPROVE CORRUPT STORE RECOVERY
27659077: JSPS ARE GETTING RECOMPILED ON EVERY REQUEST
26403575: CVE-2016-7103
29667975: CVE-2019-2824
28278427: VERSION ADDED TWICE WHEN SAVING A SECURITY POLICY
29726561: CVE-2019-2729
29701537: CVE-2019-2827
29411629: CVE-2019-2856
29789769: FIXED AN ISSUE WITH XML
2019-08-23
p32052261_121300_Generic.zip
This document describes how to install patch for bug # 32052261.
It includes the following sections:
- Section 1: Zero Downtime Patching
- Section 2: Prerequisites
- Section 3: Pre-Installation Instructions
- Section 4: Installation Instructions
- Section 5:
2005-08-11