重庆思庄Oracle、Redhat认证学习论坛

 找回密码
 注册

QQ登录

只需一步,快速开始

搜索
查看: 2717|回复: 0
打印 上一主题 下一主题

weblogic反序列化漏洞补丁

[复制链接]
跳转到指定楼层
楼主
发表于 2016-6-6 14:30:42 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
Applies to:   Oracle Fusion Middleware
Oracle WebLogic Server - Version 10.3.6 to 12.2.1.0.0
Information in this document applies to any platform.
This applies to any product deployment using Oracle WebLogic Server


PurposeThis document defines minimum releases and patches for the Oracle WebLogic Server component of Oracle Fusion Middleware to address the vulnerability described in the Oracle Security Alert for CVE-2015-4852:  http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html
DetailsIt is important to read the Oracle Security Alert before reading this document. The table below defines minimum releases and patches for Oracle WebLogic Server.


  • See also Note 2076338.1 CVE-2015-4852 Mitigation Recommendations for Oracle WebLogic Server Component of Oracle Fusion Middleware
          • January 2016 CPU Update:

            Beginning January 2016, CVE-2015-4852 fixes are now included in the below Patch Set Update (PSU) releases and higher: 12.2.1.0.1
            12.1.3.0.6
            12.1.2.0.8
            10.3.6.0.13

            To obtain the latest cumulative PSU, refer to the Critical Patch Update program at http://www.oracle.com/technetwork/topics/security/alerts-086861.html . Review the latest Advisory and click the "Fusion Middleware" link within to obtain the latest cumulative Patch Availability Document.
          • Important: If you have a version older than 10.3.6 or 12.1.2, you must upgrade as per the Error Correction Policy: Note 950131.1, "Error Correction Support Dates for Oracle WebLogic Server".
          • The initial patching requirements from November 2015 are listed below with patch links for all versions under error correction support:






WLS ReleaseRequired Patches
12.2.1.012.2.1.0.0 Patch 22248372 for CVE-2015-4852
12.1.3.0PSU 12.1.3.0.5 (Patch 21370953) + 12.1.3.0.5 Patch 22248372 for CVE-2015-4852
12.1.2.0PSU 12.1.2.0.7 (Patch 21364493) + 12.1.2.0.7 Patch 22248372 for CVE-2015-4852
10.3.6.0PSU 10.3.6.0.12 (Patch 20780171), Smart Update Patch ID: EJUW) + 10.3.6.0.12 Patch 22248372 for CVE-2015-4852
    • Patches are not password protected for versions listed above. Older versions are now expired.
    • Due to issues with linking to the standard My Oracle Support patch download page, the above links go to an alternative updates.oracle.com location. If you have firewall rules on your network, you should adjust accordingly for the links to work.
    • You may also access these patches by going to the "Patches and Updates" tab, perform a search on the above numbers and select your version.



ReferencesNOTE:2076338.1 - CVE-2015-4852 Mitigation Recommendations for Oracle WebLogic Server Component of Oracle Fusion Middleware
NOTE:1074055.1 - Security Vulnerability FAQ for Oracle Database and Fusion Middleware Products
分享到:  QQ好友和群QQ好友和群 QQ空间QQ空间 腾讯微博腾讯微博 腾讯朋友腾讯朋友
收藏收藏 支持支持 反对反对
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|手机版|小黑屋|重庆思庄Oracle、Redhat认证学习论坛 ( 渝ICP备12004239号-4 )

GMT+8, 2024-11-24 19:05 , Processed in 0.094113 second(s), 20 queries .

重庆思庄学习中心论坛-重庆思庄科技有限公司论坛

© 2001-2020

快速回复 返回顶部 返回列表