WebLogic Console HTTP Remote Code Execution Vulnerability (CVE-2020-14882) Protection Solution

November 16, 2020 | Mina Hao

Overview

The Critical Patch Update (CPU) for October 2020 released by Oracle addresses a high-risk WebLogic Console remote code execution vulnerability (CVE-2020-14882).

The vulnerability can be triggered without authentication and has an extensive impact.

Unauthenticated attackers might construct special HTTP GET requests to exploit this vulnerability to execute arbitrary code on the affected WebLogic Server.

According to Oracle, the CVSS base score of this vulnerability is 9.8.

For details about the Oracle CPU, please visit the following link:

https://www.oracle.com/security-alerts/cpuoct2020.html

Affected Versions

  • Oracle Weblogic Server 10.3.6.0.0
  • Oracle Weblogic Server 12.1.3.0.0
  • Oracle Weblogic Server 12.2.1.3.0
  • Oracle Weblogic Server 12.2.1.4.0
  • Oracle Weblogic Server 14.1.1.0.0

Technical Solutions

Official Fix

Oracle has released patches for this vulnerability in the CPU. Affected users are advised to download and install the patches as soon as possible.

Note: Official patches of Oracle can be downloaded only by those with a licensed account of the software. Such users can use that account to log in to https://support.oracle.com to obtain the latest patches.

NSFOCUS’s Recommendations

  • Using NSFOCUS’s Detection Products or Services

For intranet assets, use NSFOCUS Intrusion Detection System (NIDS) and Unified Threat Sensor (UTS) to check for the vulnerability:

  • NSFOCUS Intrusion Detection System (NIDS)
http://update.nsfocus.com/update/listIds
  • Unified Threat Sensor (UTS)
http://update.nsfocus.com/update/bsaUtsIndex
  • Upgrade Package/Rule Base Versions of Detection Products

Detection Product | Upgrade Package/Rule Base Version
IDS               | 5.6.10.23802, 5.6.9.23802
UTS               | 5.6.10.23802
  • NIDS upgrade package download links:
5.6.10.23802: http://update.nsfocus.com/update/downloads/id/109611
5.6.9.23802: http://update.nsfocus.com/update/downloads/id/109610
  • UTS upgrade package download link:
http://update.nsfocus.com/update/downloads/id/109641
  • Using NSFOCUS’s Protection Products to Defend Against the Vulnerability

Use NSFOCUS protection products, such as NSFOCUS Intrusion Protection System (NIPS), Web Application Firewall (WAF), and Next-Generation Firewall (NF), to defend against the vulnerability.

  • NSFOCUS Intrusion Protection System (NIPS)
http://update.nsfocus.com/update/listIps
  • Web Application Firewall (WAF)
http://update.nsfocus.com/update/wafIndex
  • Next-Generation Firewall (NF)
http://update.nsfocus.com/update/listNf
  • Upgrade Package/Rule Base Versions of Protection Products

Protection Product | Upgrade Package/Rule Base Version | Rule ID
IPS                | 5.6.10.23802, 5.6.9.23802         | 25079
WAF                | 6.0.7.1.46624, 6.0.7.0.46624      | 27526197
NF                 | 6.0.2.832, 6.0.1.832              | 25079
  • NIPS upgrade package download links:
5.6.10.23802: http://update.nsfocus.com/update/downloads/id/109611
5.6.9.23802: http://update.nsfocus.com/update/downloads/id/109610
  • WAF upgrade package download links:
6.0.7.1.46624: http://update.nsfocus.com/update/downloads/id/109607
6.0.7.0.46624: http://update.nsfocus.com/update/downloads/id/109608
  • NF upgrade package download links:
6.0.2.832: http://update.nsfocus.com/update/downloads/id/109629
6.0.1.832: http://update.nsfocus.com/update/downloads/id/109628
  • Security Platforms

Platform                                                  | Upgrade Package/Rule Base Version
NSFOCUS Intelligent Security Operation Platform (ISOP)    | Alerts have been generated for the vulnerability.
NSFOCUS Threat Analysis and Management Platform (TAM)     | Rules are available to protect against the vulnerability.

Appendix A: Product Use Guides

  • Protection Configuration on NIPS

On NIPS, under System > System Update > Offline Update, browse to the update file just downloaded and click Upload.

After the update is installed, find the rule by ID in the default rule base and view rule details.

Note: After the update is installed, the engine automatically restarts to make it take effect, which does not disconnect any sessions, but may cause the loss of three to five packets during ping operations. Therefore, it is recommended that the update be installed at an appropriate time.

  • Protection Configuration on WAF

On WAF, choose System Management > System Tools > Rule Upgrade.

Under Manual Upgrade, browse to the upgrade package and click Submit.

  • Protection Configuration on NF

On the web-based manager of NSFOCUS NF, under System > System Upgrade > Offline Upgrade, browse to the update file and click Upload.

Wait for the installation to complete.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.