Weblogic升级JDK
背景:
Weblogic远程代码执行漏洞(CVE-2021-2109)
该漏洞风险为“高”,影响版本:Weblogic Server 10.3.6.0.0、12.1.3.0.0、12.2.1.3.0、12.2.1.4.0、14.1.1.0.0。
修复方式:
升级Weblogic运行环境的JDK版本,具体参考如下
升级方法(路径根据实际情况修改):
1)修改 ./Oracle/Middleware/user_projects/domains/base_domain/bin/setDomainEnv.sh
2)修改 ./Oracle/Middleware/oracle_common/common/bin/commEnv.sh(12c)
./Oracle/Middleware/wlserver_10.3/common/bin/commEnv.sh(11g)
3)重启AdminServer、NodeManager Server、ManagedWebLogic Server
升级过程中遇到的问题和解决办法:
1)控制台web页面加载不出来
找到新的JDK目录 cd ./jre/lib/security , 修改java.security中securerandom.source参数,由securerandom.source=file:/dev/urandom修改为securerandom.source=file:/dev/./urandom
2)NodeManager无法管理ManagedWebLogic Server,报错javax.net.ssl.SSLHandshakeException: General SSLEngine problem
暂时还搞明白逻辑,怀疑是SSL证书的问题,临时解决办法为在控制态中将节点管理器的类型修改为普通,然后vim ./Oracle/Middleware/user_projects/domains/base_domain/nodemanager/nodemanager.properties,修改参数SecureListener=true为SecureListener=false,然后重启AdminServer和NodeManager Server
参考文档:
https://docs.oracle.com/cd/E13150_01/jrockit_jvm/jrockit/geninfo/diagnos/aboutjrockit.html-----JRockit介绍
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=355217072866857&id=1414485.1&_afrWindowMode=0&_adf.ctrl-state=107fqrm5b1_250-----Latest Java SE Patch Updates on MOS (Doc ID 1414485.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=355227993833415&id=1439822.1&_afrWindowMode=0&_adf.ctrl-state=107fqrm5b1_299----- Supported Java SE Downloads on MOS (Doc ID 1439822.1)
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=355625871004650&parent=WIDGET_REFERENCES&sourceId=1439822.1&id=1534791.1&_afrWindowMode=0&_adf.ctrl-state=107fqrm5b1_661-------Java SE and JRockit Archived Downloads on MOS for Java Versions that Have Reached EOL (Doc ID 1534791.1)
Using the Latest JDK 7.0 Update with Oracle E-Business Suite Release 12.2 (Doc ID 1530033.1)