{"id":7640,"date":"2017-12-25T07:31:13","date_gmt":"2017-12-25T07:31:13","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=1057"},"modified":"2025-07-09T07:15:27","modified_gmt":"2025-07-09T07:15:27","slug":"technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability\/","title":{"rendered":"Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability"},"content":{"rendered":"<h2><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/WLS.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-1068\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/WLS.png\" alt=\"\" width=\"900\" height=\"600\" \/><\/a><\/h2>\n<h2>Overview<\/h2>\n<p>Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with malware-infected WebLogic Server (WLS) hosts. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the WLS middleware host via a crafted payload, which leads to the download and execution of a cryptocurrency miner.<\/p>\n<h2>Affected Versions<\/h2>\n<ul>\n<li>WebLogic Server 10.3.6.0.0<\/li>\n<li>WebLogic Server 12.1.3.0.0<\/li>\n<li>WebLogic Server 12.2.1.1.0<\/li>\n<li>WebLogic Server 12.2.1.2.0<\/li>\n<\/ul>\n<p>The preceding WLS versions are all officially supported by Oracle.<\/p>\n<h2>Unaffected Versions<\/h2>\n<ul>\n<li>WebLogic Server 12.2.1.3<\/li>\n<\/ul>\n<h2>Technical Solutions<\/h2>\n<h3>Self Check<\/h3>\n<p>This wave of attacks aimed to download and execute cryptocurrency miners. 
Therefore, at the host level, the malware can be detected by monitoring host system resources and analyzing processes; at the network level, the C&amp;C address pool and Bitcoin mining pool can be monitored for corresponding domain names and IP addresses so as to discover other infected hosts.<\/p>\n<p>For a Linux host, first, check the <strong>\/tmp<\/strong> directory for suspicious files owned by any WebLogic account, such as <strong>watch-smartd<\/strong>, <strong>Carbon<\/strong>, and <strong>default<\/strong>.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/check-the-tmp-directory.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-1059\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/check-the-tmp-directory.png\" alt=\"\" width=\"826\" height=\"232\" \/><\/a><\/p>\n<p>Then analyze processes and system resources to check whether there are suspicious processes launched by any WebLogic account.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/check-processes-and-resources.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-1058\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/check-processes-and-resources.png\" alt=\"\" width=\"835\" height=\"265\" \/><\/a><\/p>\n<p>Finally, use the deployed firewall or intrusion prevention device to monitor the C&amp;C address pool and Bitcoin mining pool for the following domain names and IP addresses:<\/p>\n<h3>Official Fix<\/h3>\n<p>Oracle has fixed the WLS component vulnerability (CVE-2017-10271) in its October update. 
Users are advised to download the update and upgrade the application to the latest version as soon as possible.<\/p>\n<p>The update is available at the following link:<\/p>\n<p><a href=\"http:\/\/www.oracle.com\/technetwork\/middleware\/weblogic\/downloads\/index.html\"><strong>http:\/\/www.oracle.com\/technetwork\/middleware\/weblogic\/downloads\/index.html<\/strong><\/a><\/p>\n<h3>Workaround<\/h3>\n<p>According to the PoC exploit, the vulnerability exists in the CoordinatorPortType interface of the wls-wsat component. If this component is not used in the WLS cluster, users are advised to back up and then delete this component for the time being.<\/p>\n<p>1. Delete the WebLogic wls-wsat component as follows (the actual path may vary):<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"553\"><p>rm -f \/home\/WebLogic\/Oracle\/Middleware\/wlserver_10.3\/server\/lib\/wls-wsat.war<\/p>\n<p>rm -f \/home\/WebLogic\/Oracle\/Middleware\/user_projects\/domains\/base_domain\/servers\/AdminServer\/tmp\/.internal\/wls-wsat.war<\/p>\n<p>rm -rf \/home\/WebLogic\/Oracle\/Middleware\/user_projects\/domains\/base_domain\/servers\/AdminServer\/tmp\/_WL_internal\/wls-wsat<\/p><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>2. 
Restart the WebLogic domain controller service.<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"553\"><p>DOMAIN_NAME\/bin\/stopWebLogic.sh  # Stops the service.<\/p>\n<p>DOMAIN_NAME\/bin\/startManagedWebLogic.sh  # Starts the service.<\/p><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>For details about how to restart the WebLogic service, see the following document:<\/p>\n<p><a href=\"https:\/\/docs.oracle.com\/cd\/E13222_01\/wls\/docs90\/server_start\/overview.html\"><strong>https:\/\/docs.oracle.com\/cd\/E13222_01\/wls\/docs90\/server_start\/overview.html<\/strong><\/a><\/p>\n<h3>NSFOCUS&#8217;s Recommendations<\/h3>\n<h4>Use NSFOCUS&#8217;s detection products or service to detect the vulnerability:<\/h4>\n<ul>\n<li>For Internet-facing assets, use the emergency vulnerability detection service of NSFOCUS Cloud to check for the vulnerability online. The service is available at the following link:<\/li>\n<\/ul>\n<p><strong><a href=\"https:\/\/cloud.nsfocus.com\/#\/krosa\/views\/initcdr\/productandservice?page_id=12\">https:\/\/cloud.nsfocus.com\/#\/krosa\/views\/initcdr\/productandservice?page_id=12<\/a><\/strong><\/p>\n<ul>\n<li>For intranet assets, use NSFOCUS RSAS V5\/V6 or WVSS to check for the vulnerability:<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Remote Security Assessment System (RSAS V6):<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a href=\"http:\/\/update.nsfocus.com\/update\/listRsasDetail\/v\/vulweb\"><strong>http:\/\/update.nsfocus.com\/update\/listRsasDetail\/v\/vulweb<\/strong><\/a><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Remote Security Assessment System (RSAS V5):<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>http:\/\/update.nsfocus.com\/update\/listAurora\/v\/5<\/strong><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Web 
Vulnerability Scanning System (WVSS):<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a href=\"http:\/\/update.nsfocus.com\/update\/listWvssDetail\/v\/6\/t\/plg\"><strong>http:\/\/update.nsfocus.com\/update\/listWvssDetail\/v\/6\/t\/plg<\/strong><\/a><\/p>\n<ul>\n<li>For intranet assets, use NSFOCUS NIDS to check for the vulnerability:<\/li>\n<\/ul>\n<p>Network Intrusion Detection System (NIDS):<\/p>\n<p><a href=\"http:\/\/update.nsfocus.com\/update\/listIds\"><strong>http:\/\/update.nsfocus.com\/update\/listIds<\/strong><\/a><\/p>\n<p>You should upgrade your devices to the latest version by downloading upgrade packages from the preceding links before using them to detect vulnerabilities.<\/p>\n<h4>Use NSFOCUS&#8217;s protection products (NIPS, NIDS, or NF) to protect against the vulnerability:<\/h4>\n<ul>\n<li>Network Intrusion Prevention System (NIPS):<\/li>\n<\/ul>\n<p><a href=\"http:\/\/update.nsfocus.com\/update\/listIps\"><strong>http:\/\/update.nsfocus.com\/update\/listIps<\/strong><\/a><\/p>\n<ul>\n<li>Next-Generation Firewall (NF):<\/li>\n<\/ul>\n<p><a href=\"http:\/\/update.nsfocus.com\/update\/listNf\"><strong>http:\/\/update.nsfocus.com\/update\/listNf<\/strong><\/a><\/p>\n<ul>\n<li>Web Application Firewall (WAF):<\/li>\n<\/ul>\n<p><a href=\"http:\/\/update.nsfocus.com\/update\/wafIndex\"><strong>http:\/\/update.nsfocus.com\/update\/wafIndex<\/strong><\/a><\/p>\n<p>You should upgrade your devices to the latest version by downloading upgrade packages from the preceding links before using them for protection.<\/p>\n<h2>Technical Analysis<\/h2>\n<p>The following is a security advisory released by Oracle in April, which provides various patches for its vulnerable products:<\/p>\n<p><a href=\"http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2017-3236618.html\"><strong>http:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuapr2017-3236618.html<\/strong><\/a><\/p>\n<p><a 
href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Oracle-advisory.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1062\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Oracle-advisory.png\" alt=\"\" width=\"916\" height=\"70\" \/><\/a><\/p>\n<p>The following is a patch update advisory released in October:<\/p>\n<p><a href=\"https:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuoct2017-3236626.html\"><strong>https:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuoct2017-3236626.html<\/strong><\/a><\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Patch.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1065\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Patch.png\" alt=\"\" width=\"924\" height=\"65\" \/><\/a><\/p>\n<p><em>&#8220;A remote user can exploit a flaw in the Oracle WebLogic Server WLS Security component to gain elevated privileges [CVE-2017-10271]&#8221;<\/em><\/p>\n<p>The preceding is a description of the CVE-2017-10271 vulnerability from https:\/\/securitytracker.com\/id\/1039608.<\/p>\n<p>A PoC test has the following result:<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/result-of-a-POC-test.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1067\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/result-of-a-POC-test.png\" alt=\"\" width=\"630\" height=\"378\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/result-of-a-POC-test.png 630w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/result-of-a-POC-test-300x180.png 300w\" sizes=\"(max-width: 630px) 100vw, 630px\" \/><\/a><\/p>\n<p>A drill-down analysis finds that this is still a vulnerability in XMLDecoder. The next step is to analyze patch code. 
Let&#8217;s start with the patch for the CVE-2017-3506 vulnerability. In the <strong>weblogic\/wsee\/workarea\/WorkContextXmlInputAdapter.java<\/strong> file, a &#8220;validate&#8221; method was added. It is implemented as follows:<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/implementation.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1061\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/implementation.png\" alt=\"\" width=\"718\" height=\"825\" \/><\/a><\/p>\n<p>Simply put, in the process of parsing XML, if the <strong>Element<\/strong> field value is <strong>Object<\/strong>, an exception is thrown. Such a fix seems a bit amateur, and it is why the CVE-2017-10271 vulnerability exists. In a previous analysis of the October patch update for Oracle WebLogic, we found that code related to WorkContextXmlInputAdapter addressed only the DoS vulnerability, without imposing any restrictions on the use of &#8220;new&#8221;, &#8220;method&#8221;, and &#8220;void&#8221; as the CVE-2017-10271 patch does. The patch for the CVE-2017-3506 vulnerability can be bypassed with other approaches. For example, changing <strong>object<\/strong> to <strong>void<\/strong> is a typical approach. As this vulnerability is being used for Bitcoin mining, a PoC can be created via the keyword <strong>new<\/strong> for deserialized execution.<\/p>\n<p>Why, then, can code be executed while XMLDecoder parses the XML? A dynamic analysis will provide the answer. Use the following PoC as an example.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/PoC.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1066\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/PoC.png\" alt=\"\" width=\"558\" height=\"209\" \/><\/a><\/p>\n<p>According to this PoC, a JdbcRowSetImpl instance is first generated. 
Then the SET method of this instance is called to initialize its attributes. After the setAutoCommit interface is called, a class is remotely loaded and initialized based on the value of dataSourceName. The following figure shows the output of the call stack.<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Output1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1063\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Output1.png\" alt=\"\" width=\"862\" height=\"778\" \/><\/a><\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Output2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1064\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Output2.png\" alt=\"\" width=\"881\" height=\"137\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Output2.png 881w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Output2-300x47.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/Output2-768x119.png 768w\" sizes=\"(max-width: 881px) 100vw, 881px\" \/><\/a><\/p>\n<p>For the preceding PoC, Oracle released the following patch for CVE-2017-10271:<\/p>\n<p><a href=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/code.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1060\" src=\"https:\/\/staging.nsfocusglobal.com\/wp-content\/uploads\/2017\/12\/code.png\" alt=\"\" width=\"722\" height=\"837\" \/><\/a><\/p>\n<p>This is quite a complete patch capable of preventing security bypass by imposing restrictions on the use of such fields as <strong>object<\/strong>, <strong>new<\/strong>, <strong>method<\/strong>, <strong>void<\/strong>, and <strong>array<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview Recently, NSFOCUS has received a slew of reports from customers in the 
finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the WLS middleware host via a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":35810,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[],"class_list":["post-7640","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response"],"acf":[]}