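Because Bitcoin has recently been hyped up to an almost unbelievable price, compromised hosts across the internet are being turned into mining bots one by one by black-market operators. Today let's talk about how to patch the deserialization vulnerability in WebLogic 10.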
1. Modify bsu.sh to increase the memory size
vi /home/weblogic/bea/utils/bsu/bsu.sh
Change the MEM_ARGS line to:
MEM_ARGS="-Xms1G -Xmx2G"
2. Download Patches
mkdir -p /home/weblogic/bea/utils/bsu/cache_dir
Put the latest patch pack, cve-2017-10271p26519424_1036_generic.zip, in cache_dir.
3. Upgrade Patches
cd /home/weblogic/bea/utils/bsu/cache_dir
unzip -nq cve-2017-10271p26519424_1036_generic.zip
cd ..
If you have previously applied deserialization patches, you need to uninstall them first, and you must pay attention to the order: removing them in the wrong order will fail. bsu also spends a long time validating before it reports the error, and each patch takes about 30 minutes.
To remove the patches:
./bsu.sh -remove -patchlist=ZLNA -prod_dir=/home/weblogic/bea/wlserver_10.3 -log=/tmp/remove.log
./bsu.sh -remove -patchlist=EJUW -prod_dir=/home/weblogic/bea/wlserver_10.3 -log=/tmp/remove.log
When a removal succeeds, the word "succeed" appears in the output.
To install a new patch pack:
./bsu.sh -install -patch_download_dir=/home/weblogic/bea/utils/bsu/cache_dir -patchlist=FMJJ -prod_dir=/home/brh/bea/wlserver_10.3 -verbose
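The removal order and install step above can be derived from the list of patches already applied. The following is an added example, not part of the original post: it assumes the listing printed by `./bsu.sh -view -status=applied -prod_dir=... -verbose` contains one `Patch ID:` line per applied patch, and that a single install directory is used for every step; the function names and sample listing are hypothetical.

```shell
#!/bin/sh
# Added example: work out which bsu steps are still needed.
# Assumption: the applied-patch listing has one "Patch ID: <ID>" line per patch.

REMOVE_ORDER="ZLNA EJUW"   # old patches, in the removal order given on this page
NEW_PATCH="FMJJ"           # patch ID installed on this page
PROD_DIR="/home/weblogic/bea/wlserver_10.3"          # assumed same for all steps
CACHE_DIR="/home/weblogic/bea/utils/bsu/cache_dir"

# Read a listing on stdin, print the applied patch IDs one per line.
applied_ids() {
    sed -n 's/^[[:space:]]*Patch ID:[[:space:]]*\([A-Za-z0-9]\{1,\}\).*$/\1/p'
}

# Read a listing on stdin, print the bsu commands that still have to be run.
plan_commands() {
    ids=$(applied_ids)
    # Removals follow REMOVE_ORDER, not the order in which bsu lists the patches.
    for id in $REMOVE_ORDER; do
        if printf '%s\n' "$ids" | grep -qx "$id"; then
            echo "./bsu.sh -remove -patchlist=$id -prod_dir=$PROD_DIR -log=/tmp/remove.log"
        fi
    done
    # Install only when the new patch is not already applied.
    if ! printf '%s\n' "$ids" | grep -qx "$NEW_PATCH"; then
        echo "./bsu.sh -install -patch_download_dir=$CACHE_DIR -patchlist=$NEW_PATCH -prod_dir=$PROD_DIR -verbose"
    fi
}

# Constructed sample listing (not real bsu output), old patches listed out of order.
sample_listing() {
cat <<'EOF'
ProductName:       WebLogic Server
Patch ID:          EJUW
PatchContainer:    EJUW.jar
Patch ID:          ZLNA
PatchContainer:    ZLNA.jar
EOF
}

sample_listing | plan_commands
```

Running the same check after the upgrade should print nothing, which confirms that the old patches are gone and FMJJ is applied.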
Note: If you do not patch, a temporary emergency measure is to remove or disable the curl and wget commands, because this deserialization vulnerability is exploited only by having a reverse shell download the trojan. Put simply, the attacker can only make the compromised server fetch the trojan itself and cannot upload files, and the attacker's privileges are limited to those of the user running the WebLogic middleware.
WebLogic 10.3.6.0 Upgrade Deserialization Vulnerability patch