Oracle WebLogic Server Multiple Remote Code Execution Vulnerabilities Alert

Oracle released its April 2020 Critical Patch Update (CPU), which fixed 397 vulnerabilities of varying severity. Among them are three serious vulnerabilities in WebLogic (CVE-2020-2801, CVE-2020-2883, CVE-2020-2884) and a remote code execution vulnerability in Oracle Coherence (CVE-2020-2915), a library that WebLogic uses. All four vulnerabilities are flaws in the T3 protocol, and an unauthenticated attacker can exploit them to achieve remote code execution. The CVSS score is 9.8 and the attack complexity is low. Users are advised to take measures as soon as possible to protect their Oracle WebLogic Server installations.

Affected WebLogic versions:

  • 10.3.6.0.0
  • 12.1.3.0.0
  • 12.2.1.3.0
  • 12.2.1.4.0

Affected Coherence versions:

  • 3.7.1.0
  • 12.1.3.0.0
  • 12.2.1.3.0
  • 12.2.1.4.0

Solution

Oracle has released patches that fix the above vulnerabilities. Please refer to the official notice to download the patch for the affected product in time, and follow the readme file in the patch installation package to install the update and ensure long-term, effective protection.

If the patch cannot be installed immediately, the following measures provide temporary protection against the vulnerabilities:

Users can temporarily block attacks against the T3 protocol vulnerabilities by restricting T3 protocol access. WebLogic Server provides a default connection filter named weblogic.security.net.ConnectionFilterImpl. Out of the box this connection filter accepts all incoming connections; by configuring rules for it, you can control which clients may reach the server over the T3 and T3S protocols, while leaving other protocols such as HTTP unaffected.
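The following is an added example, not Oracle's code: a small Python evaluator that mimics the first-match semantics of ConnectionFilterImpl rules (`target localAddress localPort action [protocols...]`) so an administrator can sanity-check a rule set before applying it. The rule set and addresses below are constructed for illustration, only IP and CIDR targets are handled (not hostnames), and the "accept when no rule matches" default is an assumption about the filter's behaviour, which is why the sample rule set ends with an explicit catch-all deny for T3/T3S.

```python
import ipaddress

# Constructed sample rule set: allow T3/T3S only from loopback and from an
# assumed admin subnet (10.0.5.0/24); deny T3/T3S from everywhere else.
# HTTP/HTTPS are not named in any rule, so they are not affected.
RULES = """
# target      localAddress localPort action protocols
127.0.0.1     *            *         allow  t3 t3s
10.0.5.0/24   *            *         allow  t3 t3s
0.0.0.0/0     *            *         deny   t3 t3s
"""

def parse_rules(text):
    """Parse rule lines into (network, localAddr, localPort, action, protocols)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # strip comments and blanks
        if not line:
            continue
        target, local_addr, local_port, action, *protocols = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action in rule: {line!r}")
        network = ipaddress.ip_network(target, strict=False)
        rules.append((network, local_addr, local_port, action,
                      [p.lower() for p in protocols]))
    return rules

def matches(rule, remote_ip, local_addr, local_port, protocol):
    """True if the connection attributes satisfy every field of the rule."""
    network, r_local, r_port, _, protos = rule
    if ipaddress.ip_address(remote_ip) not in network:
        return False
    if r_local != "*" and r_local != local_addr:
        return False
    if r_port != "*" and int(r_port) != local_port:
        return False
    # An empty protocol list means the rule applies to every protocol.
    return not protos or protocol.lower() in protos

def decide(rules, remote_ip, local_addr, local_port, protocol):
    """Return the action of the first matching rule (first match wins)."""
    for rule in rules:
        if matches(rule, remote_ip, local_addr, local_port, protocol):
            return rule[3]
    return "allow"  # assumption: a connection matching no rule is accepted

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for ip, proto in [("127.0.0.1", "t3"), ("203.0.113.9", "t3"), ("203.0.113.9", "http")]:
        print(ip, proto, "->", decide(rules, ip, "192.0.2.10", 7001, proto))
```

A rule set that ends with a catch-all deny for T3/T3S, as above, blocks T3 from untrusted networks regardless of what the filter's default is; verify that your administrative clients still fall under an allow rule before applying it.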