CVE-2015-4852 java 反序列化漏洞--weblogic补丁

 

 

CVE-2015-4852 Patch Availability Document for Oracle WebLogic Server Component of Oracle Fusion Middleware (Doc ID 2075927.1)

To Bottom

---

APPLIES TO: PeopleSoft Enterprise PT PeopleTools - Version 8.53 to 8.53 [Release 8.4] Oracle Fusion Middleware Oracle WebLogic Server - Version 10.3.6 to 12.2.1.0.0 Information in this document applies to any platform. See the Security Alert for versions affected.   PURPOSE This document defines minimum releases and patches for the Oracle WebLogic Server component of Oracle Fusion Middleware to address the vulnerability described in the Oracle Security Alert for CVE-2015-4852:  http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html DETAILS It is important to read the Oracle Security Alert before reading this document. The table below defines minimum releases and patches for Oracle WebLogic Server.    See also Note 2076338.1 CVE-2015-4852 Mitigation Recommendations for Oracle WebLogic Server Component of Oracle Fusion Middleware   WLS Release Required Patches 12.2.1.0 Patch 22248372 for CVE-2015-4852 12.1.3.0 PSU 12.1.3.0.5 (Patch 21370953) + Patch 22248372 for CVE-2015-4852 12.1.2.0 PSU 12.1.2.0.7 (Patch 21364493) + Patch 22248372 for CVE-2015-4852 10.3.6.0 PSU 10.3.6.0.12 (Patch 20780171), Smart Update Patch ID: EJUW) + Patch 22248372 for CVE-2015-4852 These patches are not password protected. For other versions see Oracle Security Alert for versions affected and Note 950131.1, "Error Correction Support Dates for Oracle WebLogic Server" Due to issues with linking to the standard My Oracle Support patch download page, the above links go to an alternative updates.oracle.com location. If you have firewall rules on your network, you should adjust accordingly for the links to work. You may also access these patches by going to the "Patches and Updates" tab, perform a search on the above numbers and select your version.     REFERENCES NOTE:2076338.1 - CVE-2015-4852 Mitigation Recommendations for Oracle WebLogic Server Component of Oracle Fusion Middleware NOTE:1074055.1 - Security Vulnerability FAQ for Oracle Database and Fusion Middleware Products

 

 

摘自 support.oracle.com

http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html

 

 

关于反序列化安全漏洞 CVE-2015-4852 的 Weblogic Server 防护建议

此问题已回答。

Jerry Wang -Oracle 2015-11-29 下午9:13

• 关于Weblogic Server如何防护防止近期爆出的反序列化安全漏洞，为您提供以下内容参考。

请先阅读该安全漏洞的 Oracle Security AlertSupport Note (Doc ID 2075927.1) 已经提供了防护该漏洞的补丁下载链接。请注意该安全补丁是基于最新的 PSU 版本之上的，安装这个补丁之前必须先安装最新的PSU，即版本 10.3.6.0.12, 12.1.2.0.7, 12.1.3.0.5. 因为根据 Weblogic Server 的修复日期政策, 10.3.6之前的版本和 12.1.1 版本不再提供补丁。
参考：Support Note 950131.1, "Error Correction Support Dates for Oracle WebLogic Server", 中文版 Note 1532226.1如果您的环境版本已经过了修复期或者不具备安装条件，请参考下面的解决办法。
1 过滤T3协议
1) WLS Proxy Plug-In versions 12.2.1, 12.1.3, and 11.1.1.9 缺省的就可以过滤掉 T3 协议请求, 包括Oracle HTTP Server,iPlanet,Microsoft IIS各个版本的Plug-in.
Plug-in versions 12.1.2 and 11.1.1.7 则需要应用 July 2014 Critical Patch Update 发布的补丁版本。
参见 Patch Set Update and Critical Patch Update July 2014 Availability Document (Doc ID 1666884.1)2) 如果您使用的是负载均衡设备如F5，则请参考其技术文档配置过滤掉T3协议.2 配置 Weblogic Server 过滤掉 T3 协议的请求
1) 把特定 network channel 的 T3/T3S 协议去掉。注意，T3协议是Weblogic Server运行必需的,用于Server实例之间的通信.
所以可以选择把对外 Internet 提供服务的channel和Weblogic Server内部通信用的channel分开，并且把T3/T3S 协议去掉。
参考 Configuring Network Resources 2) 使用 Connection Filter 过滤掉 T3 协议,只允许内网特定子网或者源IP的T3协议通过。
参考文档 Using Network Connection Filters

• 参考：

CVE-2015-4852 Mitigation Recommendations for Oracle WebLogic Server Component of Oracle Fusion Middleware (Doc ID 2076338.1)
CVE-2015-4852 Patch Availability Document for Oracle WebLogic Server Component of Oracle Fusion Middleware (Doc ID 2075927.1)

参考：https://community.oracle.com/thread/3871825

 

更多信息请参考

《WebLogic Java反序列化漏洞终极建议》：https://blog.csdn.net/zhouleiblog/article/details/82838061