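Tags: Apache proxy for WebLogic, Java deserialization vulnerability fix, request forwarding
WooYun recently e-mailed us to warn that one of the company's systems has a vulnerability related to WebLogic. For details see http://drops.wooyun.org/papers/13244
Fix method: http://drops.wooyun.org/web/13470
This write-up uses Apache as a proxy: a web proxy (Apache or nginx) is installed on the WebLogic server, the proxy listens on the port WebLogic originally listened on, and it forwards HTTP requests to the native WebLogic instance for processing. WebLogic itself is rebound to the loopback address, so only requests forwarded by the proxy reach it. The detailed steps are as follows.
OS: Oracle Linux 6.1
WebLogic: 10.3.6
1. Back up, back up, back up
2. Change the listen address and listen port in the WebLogic console
3. Install and configure Apache
4. Stop WebLogic
5. Start Apache
6. Test
1. Back up
Before making any change, back up the relevant files, preferably the whole domain.
Here only /soft/Oracle/Middleware/user_projects/domains/base_domain/config/config.xml was backed up.
2. Change the listen address and listen port in the WebLogic console
Open http://192.168.10.201/console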
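Change the listen address to 127.0.0.1 (localhost also works) and the listen port to 8080.
After saving, click the "Activate Changes" button in the Change Center.
3. Install and configure Apache
Apache can be installed with yum or compiled from source; either works. yum is used here.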
yum install httpd httpd-devel
Copy the required module and back up httpd.conf before editing it:
cd /soft/Oracle/Middleware/wlserver_10.3/server/plugin/linux/x86_64
cp mod_wl_22.so /etc/httpd/modules
cd /etc/httpd/conf
cp httpd.conf httpd.conf.bak
vi httpd.conf
Add or change the following:
#add by xxx
LoadModule weblogic_module modules/mod_wl_22.so
<IfModule mod_weblogic.c>
    WeblogicHost 127.0.0.1
    WeblogicPort 8080
    MatchExpression *.jsp
    MatchExpression *.do
    MatchExpression *
    WLLogFile "/tmp/wlproxy.log"
</IfModule>
Listen 0.0.0.0:80
ServerName 192.168.10.201:80
Note that Apache 2.2.15 may fail at startup with the following error:
: libstdc++.so.5: cannot open shared object file: No such file or directory
Solution: yum install libstdc++
4. Stop WebLogic
Once the changes have been confirmed, shut WebLogic down:
cd /soft/Oracle/Middleware/user_projects/domains/base_domain/bin
./stopWebLogic.sh
5. Start Apache
service httpd start
# lsof -i:80
COMMAND  PID   USER   FD  TYPE DEVICE SIZE NODE NAME
httpd   3344   root   3u  IPv4  10087       TCP *:http (LISTEN)
httpd   3345 apache   3u  IPv4  10087       TCP *:http (LISTEN)
httpd   3347 apache   3u  IPv4  10087       TCP *:http (LISTEN)
httpd   3348 apache   3u  IPv4  10087       TCP *:http (LISTEN)
httpd   3350 apache   3u  IPv4  10087       TCP *:http (LISTEN)
httpd   3351 apache   3u  IPv4  10087       TCP *:http (LISTEN)
httpd   3352 apache   3u  IPv4  10087       TCP *:http (LISTEN)
httpd   3354 apache   3u  IPv4  10087       TCP *:http (LISTEN)
httpd   3356 apache   3u  IPv4  10087       TCP *:http (LISTEN)
# lsof -i:8080
COMMAND  PID   USER   FD  TYPE DEVICE SIZE NODE NAME
httpd   3345 apache  11u  IPv4  14643       TCP localhost.localdomain:36829->localhost.localdomain:webcache (CLOSE_WAIT)
httpd   3347 apache  11u  IPv4  14685       TCP localhost.localdomain:58644->localhost.localdomain:webcache (CLOSE_WAIT)
httpd   3348 apache  11u  IPv4  14574       TCP localhost.localdomain:34162->localhost.localdomain:webcache (CLOSE_WAIT)
httpd   3350 apache  11u  IPv4  14637       TCP localhost.localdomain:36827->localhost.localdomain:webcache (CLOSE_WAIT)
httpd   3351 apache  11u  IPv4  14678       TCP localhost.localdomain:58643->localhost.localdomain:webcache (CLOSE_WAIT)
httpd   3352 apache  11u  IPv4  14670       TCP localhost.localdomain:58642->localhost.localdomain:webcache (CLOSE_WAIT)
httpd   3354 apache  11u  IPv4  14646       TCP localhost.localdomain:36830->localhost.localdomain:webcache (CLOSE_WAIT)
httpd   3356 apache  11u  IPv4  14640       TCP localhost.localdomain:36828->localhost.localdomain:webcache (CLOSE_WAIT)
java    4023  psoft 376u  IPv6  12867       TCP localhost.localdomain:webcache (LISTEN)
#
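6. Test
Browse to 192.168.10.201 and check that the application works normally.
7. Modify the WebLogic stop script
The IP in the ADMIN_URL parameter of the WebLogic stop script must be changed to "127.0.0.1" or "localhost"; otherwise the stop script no longer works.
cd /soft/Oracle/Middleware/user_projects/domains/base_domain/bin
cp stopWebLogic.sh stopWebLogic.sh.bak
vi stopWebLogic.sh
ADMIN_URL="t3://weblogic:7001"
Change it to the following:
ADMIN_URL="t3://localhost:8080"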
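To confirm the end state of this procedure (the lsof check in step 5), the following added script, which is not part of the original post, parses lsof output and fails if any WebLogic listener is bound to a non-loopback address or if an expected listener is missing. The process names java and httpd, the function names and the sample lines are assumptions constructed for this example; ports 80 and 8080 follow the configuration above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Reads the output of
#   lsof -nP -iTCP -sTCP:LISTEN
# on stdin (-nP keeps addresses and ports numeric).
# Assumptions: WebLogic shows up as "java", the proxy as "httpd";
# ports 80 and 8080 follow the configuration in this post.

check_listeners() {
    awk -v proxy_port=80 -v wl_port=8080 '
    # True when the bind address is one of the loopback forms lsof prints.
    function is_loopback(addr) {
        return addr ~ /^(127\.[0-9.]+|localhost|\[::1\]|\[::ffff:127\.[0-9.]+\])$/
    }
    $NF == "(LISTEN)" {
        name = $(NF - 1)                      # e.g. 127.0.0.1:8080 or *:80
        port = name; sub(/.*:/, "", port)     # text after the last colon
        addr = name; sub(/:[^:]*$/, "", addr) # text before the last colon
        if ($1 == "java") {
            if (!is_loopback(addr)) { print "EXPOSED java listener " name; bad = 1 }
            else if (port + 0 == wl_port + 0) wl_ok = 1
        }
        if ($1 == "httpd" && port + 0 == proxy_port + 0) proxy_ok = 1
    }
    END {
        if (!wl_ok)    { print "MISSING loopback java listener on port " wl_port; bad = 1 }
        if (!proxy_ok) { print "MISSING httpd listener on port " proxy_port; bad = 1 }
        if (!bad) print "OK"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: layout after the change (WebLogic on loopback only).
sample_hardened() {
    cat <<'EOF'
COMMAND  PID  USER   FD TYPE DEVICE SIZE/OFF NODE NAME
httpd   3344  root   3u IPv4  10087      0t0  TCP *:80 (LISTEN)
java    4023 psoft 376u IPv6  12867      0t0  TCP [::ffff:127.0.0.1]:8080 (LISTEN)
EOF
}

# Constructed sample: WebLogic still bound to all interfaces.
sample_exposed() {
    cat <<'EOF'
httpd   3344  root   3u IPv4  10087      0t0  TCP *:80 (LISTEN)
java    4023 psoft 376u IPv6  12867      0t0  TCP *:7001 (LISTEN)
EOF
}
```

On the server, run it as `lsof -nP -iTCP -sTCP:LISTEN | check_listeners` after sourcing the file; a non-zero exit status means the layout differs from the one this post sets up.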
Reference links: http://drops.wooyun.org/web/13470
http://blog.chinaunix.net/xmlrpc.php?r=blog/article&uid=69879&id=2680631
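This article comes from the "相守姑娘說" blog; please keep this source link: http://sugarlovecxq.blog.51cto.com/6707742/1766288
Deploying a web proxy on the WebLogic server to fix WebLogic's Java deserialization vulnerability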