페이지 선택

Vulnerability Notification: Oracle WebLogic Server XmlAdapter Deserialization

[Overview]

Oracle WebLogic Server is an enterprise multi-tiered Java application service, commonly used as a large enterprise web application platform.

[Vulnerability Details]

This vulnerability is exploited due to insufficient validation of serialized XML data by WorkContextXmlInputAdapter. An unauthenticated attacker could exploit this vulnerability by sending carefully crafted HTTP XML requests. Exploiting this vulnerability could result in an attacker executing arbitrary code in a user-run WebLogic environment or even directly controlling Ocacle WebLogic Server for mining activity.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271

[Severity]

High-risk

[Impact]

  • Oracle WebLogic Server 10.3.6.0.0
  • Oracle WebLogic Server 12.1.3.0.0
  • Oracle WebLogic Server 12.2.1.1.0
  • Oracle WebLogic Server 12.2.1.2.0

[Fix Suggestions]

Upgrade Oracle official patch

Patch download address: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the signature database: Signature Library Version: 2.1.222. By deploying any Hillstone Networks solutions with IPS function, XmlAdapter deserialization vulnerability can be quickly detected and effectively blocked to prevent exploitation by the mining program.


Threat Events Detected by Hillstone Solutions


Threat Details

Hillstone Adds Botnet C&C Prevention to StoneOS
4월 10, 2018 | Zeyao Hu
Today, botnet requires more than just static signature based security protection. The modern botnet is essentially a collection of proxies and hosts that are the battleground for...

Vulnerability Notification: Microsoft Windows Shell Zip File Remote Code Execution
4월 9, 2018 | Zeyao Hu
[Overview] Microsoft Windows supports the use of ZIP documents as “compressed folders,” allowing users to browse the contents of ZIP documents through folders....

Vulnerability Notification: Cisco Adaptive Security Appliance Webvpn XML Parser Double Free
3월 26, 2018 | Zeyao Hu
[Overview] Cisco Adaptive Security Appliance (ASA) software is the core operating system of the Cisco ASA Series. It provides enterprise-class firewall functionality for physical...

Announcing Enhancements to Hillstone Networks CloudView
3월 20, 2018 | Zeyao Hu
Today we are announcing the release of Hillstone Networks CloudView, version 2.2. With this new upgrade, CloudView further enhances the security posture of the network and...

Announcing the Hillstone Server Breach Detection System 2.1
3월 7, 2018 | Zeyao Hu
Advanced, Robust Threat Management Features with an Enhanced GUI We are excited to announce the latest software update for the Hillstone Networks Server Breach Detection System,...

Vulnerability Notification: Adobe ColdFusion Deserialization
2월 8, 2018 | Zeyao Hu
[Overview] Adobe ColdFusion is a dynamic web server, a rapid application development platform offered by Adobe Systems that contains advanced features for enterprise integration...

Statement on Vulnerability: Hillstone Networks does not use Intel Processors in its NGFW
1월 7, 2018 | Zeyao Hu
At beginning of 2018, a CPU vulnerability news shocking the whole security industry. According to the Register, a fundamental design flaw in Intel’s processor chips has...

Hillstone Responds to Bad Rabbit Ransomware
10월 26, 2017 | Zeyao Hu
Overview of Bad Rabbit Ransomware As of October 24, a new ransomware “Bad Rabbit” is raging in Russia, Ukraine, Germany, and other countries. Unlike WannaCry,...

Protections of NEW Variant of Petya Ransomware Using Hillstone Network’s Layered Security Solution
6월 28, 2017 | David Yu
On Jun. 27th, 2017, The Petya ransomware is receiving worldwide attention by attacking the governments, banks, electrical systems, communication systems, enterprises, and...