The first option is as follows:
- Use SerialKiller to replace the ObjectInputStream class used for deserialization;
- Temporarily delete the org/apache/commons/collections/functors/InvokerTransformer.class file from the project, provided this does not affect the business.
ObjectInputStream is a native JRE class and InvokerTransformer.class is a class in the WebLogic base package; if these two classes are modified or deleted, there is no guarantee that the business is unaffected. Using the fix above therefore requires a lot of testing work. And simply deleting InvokerTransformer.class gives no guarantee that a deserialization vulnerability will not be found in other classes.
For a large project with many applications this is far too much work, so I'm going to use the second solution. Its key steps are simple.
The second option is as follows:
1. Apply the patch P20780171_1036_generic.zip
2. Apply the patch P22248372_1036012_generic.zip
3. Apply the patch ...
The detailed steps are as follows:
1. Test for the vulnerability
java -jar test.jar weblogic xxx.xxx.xxx.xxx 7001 F:/a.txt
After running this, if the machine at that IP ends up with an a.txt file, the vulnerability is confirmed (this command is for Windows; on Linux change the file path accordingly, not tested).
2. Download the patch packages from the official WebLogic (Oracle) site
(P20780171_1036_generic.zip, P22248372_1036012_generic.zip). For 10.3.6 the corresponding patch package is p22248372_1036012_generic.zip. This patch depends on a large upgrade package, so you also need to download P20780171_1036_generic.zip.
3. Patch installation steps
1. Log in to the Linux host as the weblogic user and switch to the /home/weblogic/oracle/middleware/utils/bsu/ directory.
2. Confirm the current WebLogic version and confirm that all domain processes are stopped:
./bsu.sh -prod_dir=/home/weblogic/oracle/middleware/wlserver_10.3/ -status=applied -verbose -view
3. Check whether the /home/weblogic/oracle/middleware/utils/bsu/cache_dir directory exists; if it does not, create it manually.
4. Upload the patch packages to the /home/weblogic/oracle/middleware/utils/bsu/cache_dir directory.
5. First apply the large upgrade package: unzip P20780171_1036_generic.zip
unzip P20780171_1036_generic.zip
EJUW is the patch ID inside this package and is the value passed to -patchlist in the command below.
6. Run the patch installation command:
./bsu.sh -install -patch_download_dir=/home/weblogic/oracle/middleware/utils/bsu/cache_dir -patchlist=EJUW -prod_dir=/home/weblogic/oracle/middleware/wlserver_10.3 -verbose
7. Then apply the deserialization patch package: unzip P22248372_1036012_generic.zip
unzip P22248372_1036012_generic.zip
./bsu.sh -install -patch_download_dir=/home/weblogic/oracle/middleware/utils/bsu/cache_dir -patchlist=ZLNA -prod_dir=/home/weblogic/oracle/middleware/wlserver_10.3 -verbose
8. While applying the ZLNA patch package I ran into an out-of-memory error. You need to edit the bsu.sh script to increase the JVM memory size.
9. Start the WebLogic domain and check the output log to confirm that the new version is in effect.
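Steps 8 and 9 are the two places where the procedure is easy to get wrong, so here is an added helper script (not code from the original post, and not Oracle's own tooling) that raises the bsu.sh heap limit and checks the domain log for the PSU banner. It assumes two things about file formats: that bsu.sh sets its heap through a single line of the form MEM_ARGS="-Xms256m -Xmx512m", and that a patched 10.3.6 server prints a startup line containing "PSU Patch for BUG22248372". The bsu.sh and AdminServer.log contents below are constructed samples written to a temporary directory, not files from the post.

```shell
#!/bin/sh
# Added example: helpers for steps 8 and 9 of the patching procedure.
# Assumption: bsu.sh contains exactly one line starting with MEM_ARGS= that
# carries the -Xmx value the Smart Update JVM is started with.
# Assumption: a patched server logs a line containing "PSU Patch for BUG22248372".

# raise_bsu_heap FILE XMX : back up FILE and rewrite its -Xmx value to XMX (e.g. 2048m).
raise_bsu_heap() {
    file="$1"
    xmx="$2"
    grep -q '^MEM_ARGS=' "$file" || return 1      # nothing to edit -> fail loudly
    cp "$file" "$file.bak"                          # keep the original for rollback
    sed "s/-Xmx[0-9]*[mMgG]/-Xmx${xmx}/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# bsu_xmx FILE : print the -Xmx value currently set on the MEM_ARGS line.
bsu_xmx() {
    sed -n 's/^MEM_ARGS=.*-Xmx\([0-9]*[mMgG]\).*/\1/p' "$1"
}

# psu_applied_in_log LOGFILE : succeed only if the startup log shows the PSU banner.
psu_applied_in_log() {
    grep -q 'PSU Patch for BUG22248372' "$1"
}

# --- constructed sample inputs (stand-ins for the real files) ---
tmpdir=$(mktemp -d)
cat > "$tmpdir/bsu.sh" <<'EOF'
#!/bin/sh
MEM_ARGS="-Xms256m -Xmx512m"
"$JAVA_HOME/bin/java" $MEM_ARGS -jar patch-client.jar "$@"
EOF
printf '%s\n' \
  '<Jan 1, 2016 10:00:00 AM CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>' \
  'WebLogic Server 10.3.6.0.12 PSU Patch for BUG22248372 TUE JAN 05 10:22:16 CST 2016' \
  > "$tmpdir/AdminServer.log"

# Usage: raise the heap before re-running the ZLNA install, then verify the log after startup.
raise_bsu_heap "$tmpdir/bsu.sh" 2048m && echo "bsu.sh -Xmx is now $(bsu_xmx "$tmpdir/bsu.sh")"
if psu_applied_in_log "$tmpdir/AdminServer.log"; then
    echo "PSU banner found: patch is in effect"
else
    echo "PSU banner missing: patch not applied"
fi
```

On a real host, point raise_bsu_heap at /home/weblogic/oracle/middleware/utils/bsu/bsu.sh and psu_applied_in_log at the domain's server log; the .bak copy lets you restore the original bsu.sh once patching is done.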
WebLogic deserialization vulnerability patch
Https://pan.baidu.com/s/1hrGJNNI
WebLogic deserialization vulnerability patch update solution