WebLogic Security – Critical Vulnerability Impacts All Recent Versions

Lauren Marck | Technical Tips

Oracle recently released its Critical Patch Update (CPU) for July 2016, and there is a vulnerability addressed by this CPU that WebLogic administrators need to know about. At M&S Consulting, we have been facilitating the application of the appropriate patches required to address this and other vulnerabilities. It is very important to apply this most recent CPU as soon as possible, as one of the vulnerabilities it addresses, CVE-2016-3510, is relatively easy to exploit and can cause serious problems.

About CVE-2016-3510

CVE-2016-3510 affects all versions of Oracle WebLogic Server since 10.3.6, so the major versions 10.3.6, 12.1.3, and 12.2.1 and their point releases are all impacted. The vulnerability is easy to exploit and can be triggered remotely by an unauthenticated attacker. The root cause is unsafe deserialization of the weblogic.corba.utils.MarshallObject class. An attacker with HTTP network access to the server can use a known bypass of the deserialization blacklist to execute arbitrary code, compromising and possibly taking over the Oracle WebLogic Server.

Apply the appropriate patch from the list below to address this and other WebLogic vulnerabilities. If you have applied previous CPU patches, you will need to roll them back first and then apply the newer patch set. These patch sets are cumulative, so all prior fixes are included in the newer one.

Patch Name | Description                                                      | WebLogic Server Release
23094342   | SU Patch [UIAL]: WLS PATCH SET UPDATE 10.3.6.0.160719 (Patch)   | 10.3.6.0
23094292   | WLS PATCH SET UPDATE 12.1.3.0.160719 (Patch)                    | 12.1.3.0.0
23094285   | WLS PATCH SET UPDATE 12.2.1.0.160719 (Patch)                    | 12.2.1.0.0
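To confirm that a server actually carries the July 2016 PSU for its release, here is an added POSIX shell check (example code, not from the original post or from Oracle) that maps a WebLogic release to the patch ID in the table above and looks for that ID in `opatch lsinventory` output. The inventory text in the script is a constructed sample, and the "Patch NNNN : applied on" line format is an assumption about OPatch's output.

```shell
#!/bin/sh
# Added example: verify that the CVE-2016-3510 PSU is present in an OPatch inventory.
# Patch IDs come from the post's table; the sample inventory below is constructed.
set -eu

# Map a WebLogic Server release to the PSU patch ID listed in the table.
required_patch_for_release() {
  case "$1" in
    10.3.6*)   echo 23094342 ;;
    12.1.3*)   echo 23094292 ;;
    12.2.1.0*) echo 23094285 ;;
    *)         return 1 ;;      # release not covered by the table
  esac
}

# Return 0 if the inventory text ($2) lists patch ID $1 as applied.
# Assumes OPatch's "Patch  <id>  : applied on <date>" line format.
inventory_has_patch() {
  printf '%s\n' "$2" | grep -Eq "^Patch[[:space:]]+$1[[:space:]]*:[[:space:]]*applied"
}

# 0 = PSU applied, 1 = PSU missing, 2 = release not in the table.
psu_status() {
  patch_id=$(required_patch_for_release "$1") || return 2
  inventory_has_patch "$patch_id" "$2"
}

# Constructed sample: a 10.3.6 host that has the July 2016 PSU (and an older one).
SAMPLE_INVENTORY='Interim patches (2) :

Patch  23094342     : applied on Fri Jul 29 09:12:41 EDT 2016
Patch description:  "WLS PATCH SET UPDATE 10.3.6.0.160719"

Patch  22749612     : applied on Wed Apr 20 14:01:05 EDT 2016
Patch description:  "WLS PATCH SET UPDATE 10.3.6.0.160419"'

# Live use on a real host: psu_status "<release>" "$(opatch lsinventory)"
```

Run it against the real inventory after patching; a non-zero status means the host still needs the PSU or is a release this table does not cover.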
