First, Test
Java-jar commonscollectionstools.jar WebLogic 192.168.0.11 7001 f:/a.txt
After performing this operation, if the computer on the IP generated a.txt file, proof of the existence of the vulnerability (This command for window operation, Linux to modify the file path, has not been tested).
Test jar Download Address: http://download.csdn.net/detail/gongzi2311/9434503
second, solve
1. Quick fix
Found it.. \weblogic\middleware\modules\com.bea.core.apache.commons.collections_3.2.0.jar and Open,
Find the Org\apache\commons\collections\functors\invokertransformer.class inside.
Then delete and save it. A new test found that the file could not be generated and the vulnerability was temporarily resolved.
2. Patch Solution
Download P20780171_1036_generic.zip, p22248372_1036012_generic.zip these two patch packs and install them.
Patch Package Download: http://pan.baidu.com/s/1i3Oy7Ox