WEBLOGIC Remote Code Execution CVE-2018-3191 - How to Fix

Updated on:

Overview

Oracle Weblogic Remote Code Execution vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle WebLogic Server. Successful exploitation of it can result in takeover of Oracle WebLogic Server, hence remote code execution

 

Affected versions

Weblogic 10.3.6.0

Weblogic 12.1.3.0

Weblogic 12.2.1.3

 

Solution

This vulnerability primarily affects t3 protocols. The easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in the takeover of Oracle WebLogic Server. Oracle has fixed this vulnerability in the October CPU. Affected users are strongly advised to upgrade their products as soon as possible to effectively address this issue.

The official patch for this vulnerability from Oracle critical patch unit can be downloaded only by those with a licensed account of the software here.

 

Follow me on Linkedin My Profile
Follow DevopsJunction onFacebook orTwitter
For more practical videos and tutorials. Subscribe to our channel

Buy Me a Coffee at ko-fi.com

Signup for Exclusive "Subscriber-only" Content

More from Middleware Inventory

  • Apache Clickjack
    WebLogic Remote Code Execution Vulnerability (CVE-2019-2725)

    Overview Oracle WebLogic is vulnerable to a new deserialization vulnerability that could allow an attacker to execute remote commands on vulnerable hosts. This vulnerability was identified in China by China National Vulnerability Database (CNVD) published a Security Team, they have issued a bulletin about an unauthenticated remote command execution (RCE)…

  • Weblogic Config XML reader

    Have you ever wanted to get the server configuration information of WebLogic directly from config.xml without using WLST. I recently had the same requirement and spent a little time ( I think ) to create this simple XML parser in python which helped me in reading the config.xml file's content…

  • Oracle Weblogic Basic Authentication

    Overview   Oracle WebLogic Server authentication is enabled by default. However, this configuration prevents Oracle WebLogic Server from using application managed authentication. You must disable Oracle WebLogic Server authentication by setting the enforce-valid-basic-auth-credentials parameter to false. Procedure  To disable Oracle WebLogic Server authentication: In a text editor, open the xmlfile from the domain folder. The config.xml file is in the Oracle/Middleware/user_projects/domains/domain_name/config directory. Locate the <security-configuration> Add the…

  • Recover weblogic password
    Recover weblogic password in 4 steps - Weblogic 12c

    The Objective In this post, we will see the easiest way possible to decrypt the WebLogic admin server password. in other words, recovering WebLogic password. You do not need to create a JAR file or copy any security-related files etc. You do not even need your AdminServer to be running. Just…

  • Weblogic Application Deployment Parser

    Let me introduce  Weblogic Application Deployment Parser , A tool designed to list all the application (app-deployment) configuration from the config.xml file of weblogic. It uses the same core of Weblogic Config XML Reader you can find it here Though there are  weblogic.Admin and WLST ways to get the deployed…