jinri�������,oracleguanfangfabule7yuefen�������deguanjianbudinggengxincpu(critical patch update)�������,qizhongbaohanguoneianquanyanjiurenyuanfaxian�������deoracle�������degaoweiyuanchengdaimazhixingloudong(cve-2018-2893)�������,tongguogailoudonggongjizhekeyizaiweishouquan�������deqingkuangxiayuanchengzhixingrenyidaima�������。
漏洞概述
亚博买球weblogic�����shimeiguooraclegongsichupin�����deyigeapplication server�����,queqie�����deshuo�����shiyigejiyujavaeejiagou�����dezhongjianjian�����,weblogic�����shiyongyukaifa�����、jicheng�����、bushuheguanlidaxingfenbushiwebyingyong�����、wangluoyingyongheshujukuyingyong�����dejavayingyongfuwuqi�����。jiangjava�����dedongtaigongnenghejava enterprisebiaozhun�����deanquanxingyinrudaxingwangluoyingyong�����dekaifa�����、jicheng�����、bushuheguanlizhizhong�����。
亚博买球gailoudongtongguojrmpxieyiliyongrmijizhi�������dequexiandadaozhixingrenyifanxuliehuadaima�������demu�������de�������。gongjizhekeyizaiweishouquan�������deqingkuangxiajiangpayloadfengzhuangzait3xieyizhong�������,tongguoduit3xieyizhong�������depayloadjinxingfanxuliehua�������,congershixianduicunzailoudong�������deweblogiczujianjinxingyuanchenggongji�������,zhixingrenyidaimabingkehuoqumubiaoxitong�������desuoyouquanxian�������。
漏洞危害
亚博买球tongguogailoudonggongjizhekeyizaiweishouquan����deqingkuangxiayuanchengzhixingrenyidaima����。
受影响范围
weblogic 10.3.6.0
weblogic 12.1.3.0
亚博买球weblogic 12.2.1.2
亚博买球weblogic 12.2.1.3
yishangjunweiguanfangzhichi�������debanben�������。
修复建议
1������、guanzhuoracleguanfangcpugengxinbuding������,jishijinxinggengxin������。
2�������、kongzhit3xieyi�������defangwen:ciloudongchanshengyuweblogic�������det3fuwu�������,yinciketongguokongzhit3xieyi�������defangwenlailinshizuduanzhenduigailoudong�������degongji�������。dangkaifangweblogickongzhitaiduankou(morenwei7001duankou)shi�������,t3fuwuhuimorenkaiqi�������。juticaozuoruxia:
亚博买球diyibu:jinruweblogickongzhitai����,zaibase_domain����depeizhiyemianzhong����,jinru“anquan”xuanxiangkayemian����,dianji“shaixuanqi”����,jinrulianjieshaixuanqipeizhi����。
dierbu:zailianjieshaixuanqizhongshuru:weblogic.security.net.connectionfilterimpl�����,zailianjieshaixuanqiguizezhongshuru:127.0.0.1 * * allow t3 t3s�����,0.0.0.0/0 * * deny t3 t3s(t3het3sxieyi�����desuoyouduankouzhiyunxubendifangwen)�����。
disanbu:baocunhouxuzhongxinqidong������,guizefangkeshengxiao������。
亚博买球3�������、shengjidaojdk-8u20yishang�������debanben�������。
