¡¾Îó²îͨ¸æ¡¿Oracle WebLogic Server 4Ô¶à¸öÇå¾²Îó²î

Ðû²¼Ê±¼ä 2023-04-19


Ò»¡¢Îó²î¸ÅÊö

2023Äê4ÔÂ19ÈÕ£¬£¬£¬¼øºÚµ£±£ÍøVSRC¼à²âµ½OracleÐû²¼ÁË4ÔÂÇå¾²¸üУ¬£¬£¬±¾´Î¸üй²°üÀ¨433¸öÐÂÇå¾²²¹¶¡£¡£¡£¡£¡£¬£¬£¬Éæ¼°Oracle ºÍµÚÈý·½×é¼þÖеÄÎó²î¡£¡£¡£¡£¡£

´Ë´Î¸üÐÂÖй²°üÀ¨49¸öÕë¶Ô Oracle ÈÚºÏÖÐÐļþµÄÇå¾²²¹¶¡£¡£¡£¡£¡£¬£¬£¬ÆäÖÐ 44¸öÎó²îÎÞÐèÉí·ÝÑéÖ¤¼´¿É±»Ô¶³ÌʹÓᣡ£¡£¡£¡£ÆäÖÐÓ°ÏìOracle WebLogic ServerµÄ²¿·ÖÎó²îÈçÏ£º

CVE

²úÆ·

Éæ¼°×é¼þ

ЭÒé

ÊÇ·ñÔ¶³ÌʹÓÃ

CVSSÆÀ·Ö

Ó°Ïì¹æÄ£

CVE-2023-24998

Oracle WebLogic Server

Console £¨Apache   Commons FileUpload£©

HTTP

ÊÇ

7.5

12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

CVE-2023-21996

Oracle WebLogic Server

Web Services

HTTP

ÊÇ

7.5

12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

CVE-2023-21931

Oracle WebLogic Server

Core

T3

ÊÇ

7.5

12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

CVE-2023-21964

Oracle WebLogic Server

Core

T3

ÊÇ

7.5

12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

CVE-2023-21979

Oracle WebLogic Server

Core

T3

ÊÇ

7.5

12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

CVE-2023-21956

Oracle WebLogic Server

Web Container

HTTP

ÊÇ

6.1

12.2.1.4.0, 14.1.1.0.0

CVE-2023-21960

Oracle WebLogic Server

Core

HTTP

ÊÇ

5.6

12.2.1.3.0, 12.2.1.4.0

 

CVE-2023-24998£ºOracle WebLogic Server¾Ü¾øÐ§ÀÍÎó²î£¨¸ßΣ£©

Oracle WebLogic ServerÖÐʹÓõÄApache Commons FileUpload°æ±¾1.5֮ǰδÏÞÖÆÒª´¦Öóͷ£µÄÇëÇ󲿷ֵÄÊýÄ¿£¬£¬£¬µ¼Ö¿ÉÒÔͨ¹ý¶ñÒâÉÏ´«»òһϵÁÐÉÏ´«À´´¥·¢¾Ü¾øÐ§ÀÍ¡£¡£¡£¡£¡£

CVE-2023-21996£ºOracle WebLogic Server¾Ü¾øÐ§ÀÍÎó²î£¨¸ßΣ£©

Oracle WebLogic Server £¨×é¼þ£ºWeb Services£©Öб£´æÎó²î£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔͨ¹ý HTTP ¾ÙÐÐÍøÂç»á¼ûÀ´ÆÆËð Oracle WebLogic Server£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÄܵ¼ÖÂOracle WebLogic Server ¹ÒÆð»òƵÈÔÖØ¸´µÄÍ߽⣨ÍêÈ«DOS£©¡£¡£¡£¡£¡£

CVE-2023-21931£ºOracle WebLogic ServerδÊÚȨ»á¼ûÎó²î£¨¸ßΣ£©

Oracle WebLogic Server£¨×é¼þ£ºCore£©Öб£´æÎó²î£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔͨ¹ý T3 ¾ÙÐÐÍøÂç»á¼ûÀ´ÆÆËð Oracle WebLogic Server£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÄܵ¼Ö¶ÔÒªº¦Êý¾ÝµÄδÊÚȨ»á¼û»ò¶ÔËùÓÐOracle WebLogic Server¿É»á¼ûÊý¾ÝµÄÍêÈ«»á¼û¡£¡£¡£¡£¡£

CVE-2023-21964£ºOracle WebLogic Server¾Ü¾øÐ§ÀÍÎó²î£¨¸ßΣ£©

Oracle WebLogic Server£¨×é¼þ£ºCore£©Öб£´æÎó²î£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔͨ¹ý T3 ¾ÙÐÐÍøÂç»á¼ûÀ´ÆÆËð Oracle WebLogic Server£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÄܵ¼ÖÂOracle WebLogic Server ¹ÒÆð»òƵÈÔÖØ¸´µÄÍ߽⣨ÍêÈ«DOS£©¡£¡£¡£¡£¡£

CVE-2023-21979£ºOracle WebLogic Server CoreδÊÚȨ»á¼ûÎó²î£¨¸ßΣ£©

Oracle WebLogic Server£¨×é¼þ£ºCore£©Öб£´æÎó²î£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔͨ¹ý T3 ¾ÙÐÐÍøÂç»á¼ûÀ´ÆÆËð Oracle WebLogic Server£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÄܵ¼Ö¶ÔÒªº¦Êý¾ÝµÄδÊÚȨ»á¼û»ò¶ÔËùÓÐOracle WebLogic Server¿É»á¼ûÊý¾ÝµÄÍêÈ«»á¼û¡£¡£¡£¡£¡£

CVE-2023-21956£ºOracle WebLogic ServerδÊÚȨ»á¼ûÎó²î£¨ÖÐΣ£©

Oracle WebLogic Server£¨×é¼þ£ºWeb Container£©Öб£´æÎó²î£¬£¬£¬¿ÉÔÚÓû§½»»¥µÄÇéÐÎÏÂʹÓøÃÎó²î¶ÔijЩ Oracle WebLogic Server ¿É»á¼ûÊý¾Ý¾ÙÐÐδ¾­ÊÚȨµÄ¸üС¢²åÈë»òɾ³ý²Ù×÷£¬£¬£¬ÒÔ¼°¶Ô Oracle WebLogic Server ¿É»á¼ûÊý¾ÝµÄ×Ó¼¯¾ÙÐÐδ¾­ÊÚȨµÄ¶ÁÈ¡»á¼û¡£¡£¡£¡£¡£

CVE-2023-21960£ºOracle WebLogic ServerδÊÚȨ»á¼ûÎó²î£¨ÖÐΣ£©

Oracle WebLogic Serve£¨×é¼þ£ºCore£©Öб£´æÎó²î£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔͨ¹ý HTTP ¾ÙÐÐÍøÂç»á¼ûÀ´ÆÆËð Oracle WebLogic Server£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î£¨¹¥»÷ÖØÆ¯ºó¸ß£©¿ÉÄܵ¼Ö¶ÔijЩ Oracle WebLogic Server ¿É»á¼ûÊý¾ÝµÄδÊÚȨ»á¼û»ò²Ù×÷£¬£¬£¬ÒÔ¼°¾Ü¾øÐ§À͵ȡ£¡£¡£¡£¡£

 

¶þ¡¢Ó°Ïì¹æÄ£

Oracle WebLogic Server°æ±¾£º12.2.1.3.0

Oracle WebLogic Server°æ±¾£º12.2.1.4.0

Oracle WebLogic Server°æ±¾£º14.1.1.0.0 

 

Èý¡¢Çå¾²²½·¥

3.1 Éý¼¶°æ±¾

ÏÖÔÚOracleÒѾ­Ðû²¼ÁËÏà¹ØÎó²îµÄ²¹¶¡ÜöÝÍ£¬£¬£¬ÊÜÓ°ÏìÓû§¿Éʵʱ¸üС£¡£¡£¡£¡£

²Î¿¼Á´½Ó£º

https://www.oracle.com/security-alerts/cpuapr2023.html

3.2 ÔÝʱ²½·¥

Èç·ÇÐëÒª£¬£¬£¬¿ÉÒÔÑ¡Ôñ½ûÓÃT3 ЭÒ飺

1£©½øÈëWebLogic¿ØÖÆÌ¨£¬£¬£¬ÔÚbase_domainµÄÉèÖÃÒ³ÃæÖУ¬£¬£¬½øÈë¡°Çå¾²¡±Ñ¡Ïî¿¨Ò³Ãæ£¬£¬£¬µã»÷¡°É¸Ñ¡Æ÷¡±£¬£¬£¬½øÈëÅþÁ¬É¸Ñ¡Æ÷ÉèÖᣡ£¡£¡£¡£

2)ÔÚÅþÁ¬É¸Ñ¡Æ÷ÖÐÊäÈ룺weblogic.security.net.ConnectionFilterImpl£¬£¬£¬ÔÚÅþÁ¬É¸Ñ¡Æ÷¹æÔòÖÐÊäÈ룺127.0.0.1 * * allow t3t3s£¬£¬£¬0.0.0.0/0 * *deny t3 t3s(t3ºÍt3sЭÒéµÄËùÓж˿ÚÖ»ÔÊÐíÍâµØ»á¼û)¡£¡£¡£¡£¡£

3£©ÉúÑĺóÐèÖØÐÂÆô¶¯£¬£¬£¬¹æÔò·½¿ÉÉúЧ¡£¡£¡£¡£¡£

image.png

 

3.3 ͨÓý¨Òé

l  °´ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¡£¡£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£¡£

l  ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£¡£¡£¡£

l  ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£¡£

l  ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖÆºÍ×îСȨÏÞÔ­Ôò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏÞ¶È¡£¡£¡£¡£¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£¡£

3.4 ²Î¿¼Á´½Ó

https://www.oracle.com/security-alerts/cpuapr2023.html

https://nvd.nist.gov/vuln/detail/CVE-2023-21931

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-04-19

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼

5.1 ¼øºÚµ£±£Íø¼ò½é

¼øºÚµ£±£Íø½¨ÉèÓÚ1996Ä꣬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ¡£¡£¡£¡£¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Ç徲ЧÀͽâ¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£¡£¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¼øºÚµ£±£Íø´óÏ㬣¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕЧÀÍÍŶÓ1300ÓàÈË¡£¡£¡£¡£¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ¡£¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС£¡£¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬£¬£¬¼øºÚµ£±£ÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·ÅÆ¶ø²»Ð¸Æð¾¢¡£¡£¡£¡£¡£

5.2 ¹ØÓÚ¼øºÚµ£±£Íø

¼øºÚµ£±£ÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬£¬£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬£¬£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½¡£¡£¡£¡£¡£

¹Ø×¢ÎÒÃÇ£º

image.png