本篇文章为大家展示了Weblogic WLS组件REC漏洞CVE-2017-10271测试与修复方案是什么,内容简明扼要并且容易理解,绝对能使你眼前一亮,通过这篇文章的详细介绍希望你能有所收获。
第一步,搭建python环境
首先访问http://www.python.org/download/去下载windows版的python,这里下载2.7.14。
2.下载python2.7安装包。
安装python
点击Next
点击Next,这里可以记一下“C:\Python27\”,后面配置系统环境变量
点击“Next”
等待安装完成
点击Finish完成安装
配置python环境变量,为PATH变量添加参数“C:\Python27\”
测试python是否安装成功,打开cmd命令输入python
执行python命令:print 'Hello World!'
Python环境配置完毕。
第二步,使用工具测试漏洞
首先访问https://github.com/,登陆代码托管平台Github,直接搜索关键字“CVE-2017-10271”
2.下载hanc00l/weblogic_wls_wsat_rce项目,解压至F盘(可以测试Linux版本)
3. 查看README的内容
weblogic_wls_wsat_rce
Weblogic wls-wsat组件反序列化漏洞(CVE-2017-10271)利用脚本,参考https://github.com/s3xy/CVE-2017-10271修改。
命令执行并回显
直接上传shell
在linux下weblogic 10.3.6.0测试OK
使用方法及参数
python weblogic_wls_wsat_exp.py -t 172.16.80.131:7001
usage: weblogic_wls_wsat_exp.py [-h] -t TARGET [-c CMD] [-o OUTPUT] [-s SHELL]
optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
weblogic ip and port(eg -> 172.16.80.131:7001)
-c CMD, --cmd CMD command to execute,default is "id"
-o OUTPUT, --output OUTPUT
output file name,default is output.txt
-s SHELL, --shell SHELL
local jsp file name to upload,and set -o xxx.jsp
4.执行命令测试:python weblogic_wls_wsat_exp.py -t targetip:port
F:\weblogic_wls_wsat_rce-master>python weblogic_wls_wsat_exp.py -t 10.6.3.240:7002 -c ls
Traceback (most recent call last):
File "F:\CVE-2017-10271-master\weblogic_wls_wsat_exp.py", line 3, in <module>
import requests
ImportError: No module named requests
根据错误信息,需要安装requests模块,使用easy_install工具执行命令安装模块:C:\Python27\Scripts\easy_install.exe requests
F:\weblogic_wls_wsat_rce-master>C:\Python27\Scripts\easy_install.exe requests
Searching for requests
Reading https://pypi.python.org/simple/requests/
Downloading https://pypi.python.org/packages/b0/e1/eab4fc3752e3d240468a8c0b28460
7899d2fbfb236a56b7377a329aa8d09/requests-2.18.4.tar.gz#md5=081412b2ef79bdc482298
91af13f4d82
Best match: requests 2.18.4
Processing requests-2.18.4.tar.gz
Writing
……
Installing chardetect-script.py script to c:\python27\Scripts
Installing chardetect.exe script to c:\python27\Scripts
Installing chardetect.exe.manifest script to c:\python27\Scripts
Installed c:\python27\lib\site-packages\chardet-3.0.4-py2.7.egg
Finished processing dependencies for requests
再次执行命令
F:\weblogic_wls_wsat_rce-master>python weblogic_wls_wsat_exp.py -t 10.6.3.240:7002 -c ls
autodeploy
bin
config
console-ext
dev=null
显然,命令执行成功。
第三步,更新补丁修复漏洞
在https://support.oracle.com上用关键字CVE-2017-10271搜索,找到2017年10月份的补丁文件并下载。【p26519424_1036_Generic.zip】
执行打补丁操作(注意:不同的环境和本文的路径会有所不同)
cams@SCT-APP:~>cd /home/cams/bea/middleware/wlserver_10.3/server/bin/
cams@SCT-APP:~/bea/middleware/wlserver_10.3/server/bin>ls
international setWLSEnv.sh startNodeManager.sh
cams@SCT-APP:~/bea/middleware/wlserver_10.3/server/bin> . ./setWLSEnv.sh
CLASSPATH=/home/cams/bea/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/home/cams/bea/middleware/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/java/jdk1.6.0_45/lib/tools.jar:/home/cams/bea/middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/home/cams/bea/middleware/wlserver_10.3/server/lib/weblogic.jar:/home/cams/bea/middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/home/cams/bea/middleware/wlserver_10.3/server/lib/webservices.jar:/home/cams/bea/middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/home/cams/bea/middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:.:/usr/java/jdk1.6.0_45/lib/dt.jar:/usr/java/jdk1.6.0_45/lib/tools.jar
PATH=/home/cams/bea/middleware/wlserver_10.3/server/bin:/home/cams/bea/middleware/modules/org.apache.ant_1.7.1/bin:/usr/java/jdk1.6.0_45/jre/bin:/usr/java/jdk1.6.0_45/bin:/usr/java/jdk1.6.0_45/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:
Your environment has been set.
cams@SCT-APP:~/bea/middleware/wlserver_10.3/server/bin> java weblogic.version
WebLogic Server Temporary Patch for BUG22248372 Tue Nov 24 00:35:04 MST 2015
WebLogic Server 10.3.6.0.12 PSU Patch for BUG20780171 THU JUN 18 15:54:42 IST 2015
WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050
Use 'weblogic.version -verbose' to get subsystem information
Use 'weblogic.utils.Versions' to get version information for all modules
cams@SCT-APP:~/bea/middleware/wlserver_10.3/server/bin> cd /home/cams/bea/middleware/utils/bsu
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -status=applied -verbose -view
ProductName: WebLogic Server
ProductVersion: 10.3 MP6
Components: WebLogic Server/Core Application Server,WebLogic Server/Admi
nistration Console,WebLogic Server/Configuration Wizard and
Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
ic Server/Evaluation Database,WebLogic Server/Workshop Code
Completion Support
BEAHome: /home/cams/bea/middleware
ProductHome: /home/cams/bea/middleware/wlserver_10.3
PatchSystemDir: /home/cams/bea/middleware/utils/bsu
PatchDir: /home/cams/bea/middleware/patch_wls1036
Profile: Default
DownloadDir: /home/cams/bea/middleware/utils/bsu/cache_dir
JavaVersion: 1.6.0_29
JavaVendor: Sun
Patch ID: EJUW
PatchContainer: EJUW.jar
Checksum: 1554039558
Severity: optional
Category: General
CR/BUG: 20780171
Restart: true
Description: WLS PATCH SET UPDATE 10.3.6.0.12
WLS PATCH SET UPDATE 10.3.
6.0.12
Patch ID: ZLNA
PatchContainer: ZLNA.jar
Checksum: -894774340
Severity: optional
Category: Security
CR/BUG: 22248372
Restart: true
Description: WEBLOGIC SERVER CVE-2015-4852 SECURITY ALERT PATCH (NOV 2015
)
WEBLOGIC SERVER CVE-2015-4852 SECURITY ALERT PATCH (NOV 20
15)
上传p26519424_1036_Generic.zip至DownloadDir:/home/cams/bea/middleware/utils/bsu/cache_dir路径下,并解压
cams@SCT-APP:~/bea/middleware/utils/bsu> cd cache_dir/
cams@SCT-APP:~/bea/middleware/utils/bsu/cache_dir> unzip p26519424_1036_Generic.zip
Archive: p26519424_1036_Generic.zip
extracting: FMJJ.jar
inflating: patch-catalog_25504.xml
replace README.txt? [y]es, [n]o, [A]ll, [N]one, [r]ename: r
new name: README2.txt
inflating: README2.txt
如果不知道如何打补丁,参考文章http://blog.itpub.net/31394774/viewspace-2142526/
cams@SCT-APP:~/bea/middleware/utils/bsu/cache_dir> cd ../
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -install -patch_download_dir=/home/cams/bea/middleware/utils/bsu/cache_dir/ -patchlist=FMJJ -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
检查冲突.....
检测到冲突 - 解决冲突情形并重新执行补丁程序安装
下面是冲突情形详细资料:
补丁程序 FMJJ 与以下补丁程序互相排斥且不能共存: EJUW,ZLNA
此时,需要将EJUW,ZLNA补丁卸载,使用-remove命令进行卸载。
【注意:需先卸载ZLNA,后卸载EJUW】
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -remove -patchlist=EJUW -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
检查冲突......
检测到冲突 - 解决冲突情形并重新执行补丁程序删除过程
下面是冲突情形详细资料:
必须先删除下列补丁程序, 才能删除所选补丁程序: ZLNA
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -remove -patchlist=ZLNA -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
检查冲突.......
未检测到冲突
开始删除补丁程序 ID: ZLNA
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlthint3client.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
删除 /home/cams/bea/middleware/patch_wls1036/patch_jars/BUG22248372_1036.jar
更新 /home/cams/bea/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar
旧清单值: Class-Path= ../../../patch_jars/BUG22248372_1036.jar ../../../patch_jars/BUG20780171_1036012.jar ../../../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../../../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../../../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxp_1.4.5.0.jar ../../../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
新清单值: Class-Path= ../../../patch_jars/BUG22248372_1036.jar ../../../patch_jars/BUG20780171_1036012.jar ../../../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../../../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../../../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxp_1.4.5.0.jar ../../../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
结果: 成功
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -remove -patchlist=EJUW -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
检查冲突.......
未检测到冲突
开始删除补丁程序 ID: EJUW
删除 /home/cams/bea/middleware/modules/com.bea.core.weblogic.stax_1.11.0.0.jar
删除 /home/cams/bea/middleware/wlserver_10.3/bugsfixed/WLS-PSU-bugsfixed.txt
删除 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlt3jmsclient.jar
删除 /home/cams/bea/middleware/wlserver_10.3/server/lib/consoleapp/APP-INF/lib/commons-io-2.4.jar
删除 /home/cams/bea/middleware/wlserver_10.3/bugsfixed/20780171-WLS-10.3.6.0.12_PSU_WebServices-ClientSide-Configuration-README.txt
删除 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlt3client.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/consoleapp/APP-INF/lib/commons-fileupload.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmxclient.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.oracle.cie.config-wls-schema_10.3.6.0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/common/wlst/modules/jython-modules.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlthint3client.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/common/bin/wlsifconfig.sh 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlstestclient.ear 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.bea.core.utils.full_1.10.0.0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/ws.databinding_1.3.0.0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml_1.0.0.0_6-2-0-0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jsf-2.0.war 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/schema/weblogic-domain-binding.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/webserviceclient+ssl.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmsclient.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlw-langx.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsafclient.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.bea.core.apache_1.3.0.1.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsaft3client.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wseeclient.zip 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/glassfish.jstl_1.2.0.1.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wls-api.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jsf-1.2.war 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jstl-1.2.war 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.bea.core.descriptor.wl.binding_1.4.0.0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.oracle.cie.config-wls_7.2.0.0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/jms-notran-adp.rar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/jms-xa-adp.rar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/jdbcdrivers.xml 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/uddiexplorer.war 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlclient.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/webserviceclient.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/ws.databinding.plugins_1.3.0.0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.bea.core.utils_1.10.0.0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/wseeclient.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/wlserver_10.3/server/lib/consoleapp/webapp/WEB-INF/lib/console.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
还原 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar 从 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
删除 /home/cams/bea/middleware/patch_wls1036/patch_jars/BUG20780171_1036012.jar
删除 /home/cams/bea/middleware/patch_wls1036/patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar
删除 /home/cams/bea/middleware/patch_wls1036/patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar
删除 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar
删除 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar
删除 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxp_1.4.5.0.jar
删除 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
更新 /home/cams/bea/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar
旧清单值: Class-Path= ../../../patch_jars/BUG20780171_1036012.jar ../../../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../../../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../../../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxp_1.4.5.0.jar ../../../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
新清单值: Class-Path=
结果: 成功
再次安装FMJJ补丁
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -install -patch_download_dir=/home/cams/bea/middleware/utils/bsu/cache_dir/ -patchlist=FMJJ -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -verbose
检查冲突.....
未检测到冲突
开始安装补丁程序 ID: FMJJ
安装 /home/cams/bea/middleware/utils/bsu/cache_dir/FMJJ.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/BUG26519424_10360171017.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxp_1.4.5.0.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxws.rt_1.4.0.0_2-1-5.jar
解压缩 /home/cams/bea/middleware/patch_wls1036/patch_jars/glassfish.jaxws.saaj.impl_1.0.0.0_2-1-5.jar
更新 /home/cams/bea/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar
旧清单值: Class-Path=
新清单值: Class-Path=../../../patch_jars/BUG26519424_10360171017.jar ../../../patch_jars/com.bea.core.apache.commons.fileupload_1.0.0.0_1-3-1.jar ../../../patch_jars/com.bea.core.stax2_2.0.0.0_3-0-3.jar ../../../patch_jars/glassfish.jaxb.xjc_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxb_1.2.0.0_2-1-14.jar ../../../patch_jars/glassfish.jaxp_1.4.5.0.jar ../../../patch_jars/glassfish.jaxws.mimepull_1.1.0.0_1-3-8.jar ../../../patch_jars/glassfish.jaxws.rt_1.4.0.0_2-1-5.jar ../../../patch_jars/glassfish.jaxws.saaj.impl_1.0.0.0_2-1-5.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/DefaultAuthorizerInit.ldift 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlstestclient.ear 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/jms-notran-adp.rar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.oracle.cie.config-wls-schema_10.3.6.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/common/bin/wlsifconfig.sh 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.descriptor.wl_1.4.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/javax.jsf_1.1.0.0_1-2.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/schema/weblogic-domain-binding.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.apache.commons.io_1.0.0.0_1-4.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.apache.xalan_2.7.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/consoleapp/webapp/WEB-INF/lib/console.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.descriptor.wl.binding_1.4.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jstl-1.2.war 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/common/templates/domains/wls.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/common/wlst/modules/jython-modules.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/consoleapp/APP-INF/lib/commons-fileupload.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlthint3client.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.apache.commons.collections_3.2.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jsf-1.2.war 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.oracle.cie.config-wls_7.2.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlclient.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/glassfish.jstl_1.2.0.1.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wseeclient.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.descriptor.wl.ja_1.4.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jsf-2.0.war 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/webserviceclient+ssl.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.apache.xml.serializer_2.7.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/jms-xa-adp.rar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/jdbcdrivers.xml 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/DefaultAuthorizerInit.ldift
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlstestclient.ear
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/jms-notran-adp.rar
解压缩 /home/cams/bea/middleware/modules/com.oracle.cie.config-wls-schema_10.3.6.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/consoleapp/APP-INF/lib/commons-io-2.4.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift
解压缩 /home/cams/bea/middleware/wlserver_10.3/common/bin/wlsifconfig.sh
解压缩 /home/cams/bea/middleware/wlserver_10.3/bugsfixed/26519424-WLS-10.3.6.0.171017_PSU_WebServices-ClientSide-Configuration-README.txt
解压缩 /home/cams/bea/middleware/wlserver_10.3/bugsfixed/WLS-PSU-bugsfixed.txt
解压缩 /home/cams/bea/middleware/modules/com.bea.core.descriptor.wl_1.4.0.0.jar
解压缩 /home/cams/bea/middleware/modules/javax.jsf_1.1.0.0_1-2.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/schema/weblogic-domain-binding.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.apache.commons.io_1.0.0.0_1-4.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.apache.xalan_2.7.0.jar
解压缩 /home/cams/bea/middleware/modules/glassfish.jsf_1.0.0.0_1-2-15.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/consoleapp/webapp/WEB-INF/lib/console.jar
解压缩 /home/cams/bea/middleware/modules/javax.jsf_1.0.0.0_2-0.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.descriptor.wl.binding_1.4.0.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jstl-1.2.war
解压缩 /home/cams/bea/middleware/wlserver_10.3/common/templates/domains/wls.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/common/wlst/modules/jython-modules.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/consoleapp/APP-INF/lib/commons-fileupload.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlthint3client.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/XACMLAuthorizerUpdate_62.ldift
解压缩 /home/cams/bea/middleware/modules/com.bea.core.apache.commons.collections_3.2.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jsf-1.2.war
解压缩 /home/cams/bea/middleware/modules/com.oracle.cie.config-wls_7.2.0.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlclient.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.stax2_2.0.0.0_3-0-3.jar
解压缩 /home/cams/bea/middleware/modules/glassfish.jstl_1.2.0.1.jar
解压缩 /home/cams/bea/middleware/modules/glassfish.jsf_1.0.0.0_2-0-4.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wseeclient.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.descriptor.wl.ja_1.4.0.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/common/deployable-libraries/jsf-2.0.war
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/DefaultAuthorizerUpdate_62.ldift
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/webserviceclient+ssl.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.apache.xml.serializer_2.7.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/jms-xa-adp.rar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/jdbcdrivers.xml
备份 /home/cams/bea/middleware/modules/com.oracle.core.coherence.integration_1.2.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wls-api.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.common.security.impl_1.0.0.0_6-2-0-0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.weblogic.security.wls_1.0.0.0_6-2-0-0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wseeclient.zip 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/ws.databinding_1.3.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/uddiexplorer.war 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/webserviceclient.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsafclient.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.apache_1.3.0.1.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml_1.0.0.0_6-2-0-0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlw-langx.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmxclient.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsaft3client.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/ws.databinding.plugins_1.3.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.oracle.core.weblogic.msgcat_1.2.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.descriptor_1.10.0.0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmsclient.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
备份 /home/cams/bea/middleware/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar 至 /home/cams/bea/middleware/patch_wls1036/backup/backup.jar
解压缩 /home/cams/bea/middleware/modules/com.oracle.core.coherence.integration_1.2.0.0.jar52609.tmp
合并 /home/cams/bea/middleware/modules/com.oracle.core.coherence.integration_1.2.0.0.jar52609.tmp 与 /home/cams/bea/middleware/modules/com.oracle.core.coherence.integration_1.2.0.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wls-api.jar22088.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/wls-api.jar22088.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/wls-api.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.common.security.impl_1.0.0.0_6-2-0-0.jar46334.tmp
合并 /home/cams/bea/middleware/modules/com.bea.core.common.security.impl_1.0.0.0_6-2-0-0.jar46334.tmp 与 /home/cams/bea/middleware/modules/com.bea.core.common.security.impl_1.0.0.0_6-2-0-0.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.weblogic.security.wls_1.0.0.0_6-2-0-0.jar57180.tmp
合并 /home/cams/bea/middleware/modules/com.bea.core.weblogic.security.wls_1.0.0.0_6-2-0-0.jar57180.tmp 与 /home/cams/bea/middleware/modules/com.bea.core.weblogic.security.wls_1.0.0.0_6-2-0-0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wseeclient.zip61185.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/wseeclient.zip61185.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/wseeclient.zip
解压缩 /home/cams/bea/middleware/modules/ws.databinding_1.3.0.0.jar30164.tmp
合并 /home/cams/bea/middleware/modules/ws.databinding_1.3.0.0.jar30164.tmp 与 /home/cams/bea/middleware/modules/ws.databinding_1.3.0.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/uddiexplorer.war61491.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/uddiexplorer.war61491.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/uddiexplorer.war
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/webserviceclient.jar25254.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/webserviceclient.jar25254.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/webserviceclient.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsafclient.jar35800.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsafclient.jar35800.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsafclient.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.apache_1.3.0.1.jar63015.tmp
合并 /home/cams/bea/middleware/modules/com.bea.core.apache_1.3.0.1.jar63015.tmp 与 /home/cams/bea/middleware/modules/com.bea.core.apache_1.3.0.1.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml_1.0.0.0_6-2-0-0.jar1609.tmp
合并 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml_1.0.0.0_6-2-0-0.jar1609.tmp 与 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml_1.0.0.0_6-2-0-0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlt3client.jar33270.tmp
更新 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlt3client.jar33270.tmp 到 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlt3client.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlw-langx.jar15576.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlw-langx.jar15576.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlw-langx.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlt3jmsclient.jar29013.tmp
更新 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlt3jmsclient.jar29013.tmp 到 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlt3jmsclient.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmxclient.jar43506.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmxclient.jar43506.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmxclient.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsaft3client.jar43891.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsaft3client.jar43891.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/wlsaft3client.jar
解压缩 /home/cams/bea/middleware/modules/ws.databinding.plugins_1.3.0.0.jar16566.tmp
合并 /home/cams/bea/middleware/modules/ws.databinding.plugins_1.3.0.0.jar16566.tmp 与 /home/cams/bea/middleware/modules/ws.databinding.plugins_1.3.0.0.jar
解压缩 /home/cams/bea/middleware/modules/com.oracle.core.weblogic.msgcat_1.2.0.0.jar32086.tmp
合并 /home/cams/bea/middleware/modules/com.oracle.core.weblogic.msgcat_1.2.0.0.jar32086.tmp 与 /home/cams/bea/middleware/modules/com.oracle.core.weblogic.msgcat_1.2.0.0.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar34414.tmp
合并 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar34414.tmp 与 /home/cams/bea/middleware/modules/com.bea.core.bea.opensaml2_1.0.0.0_6-2-0-0.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.descriptor_1.10.0.0.jar20553.tmp
合并 /home/cams/bea/middleware/modules/com.bea.core.descriptor_1.10.0.0.jar20553.tmp 与 /home/cams/bea/middleware/modules/com.bea.core.descriptor_1.10.0.0.jar
解压缩 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmsclient.jar52216.tmp
合并 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmsclient.jar52216.tmp 与 /home/cams/bea/middleware/wlserver_10.3/server/lib/wljmsclient.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar55023.tmp
合并 /home/cams/bea/middleware/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar55023.tmp 与 /home/cams/bea/middleware/modules/com.bea.core.common.security.saml2_1.0.0.0_6-2-0-0.jar
解压缩 /home/cams/bea/middleware/modules/com.bea.core.weblogic.stax_1.11.0.0.jar45419.tmp
更新 /home/cams/bea/middleware/modules/com.bea.core.weblogic.stax_1.11.0.0.jar45419.tmp 到 /home/cams/bea/middleware/modules/com.bea.core.weblogic.stax_1.11.0.0.jar
结果: 成功
查看最新的补丁信息
cams@SCT-APP:~/bea/middleware/utils/bsu> ./bsu.sh -prod_dir=/home/cams/bea/middleware/wlserver_10.3/ -status=applied -verbose -view
ProductName: WebLogic Server
ProductVersion: 10.3 MP6
Components: WebLogic Server/Core Application Server,WebLogic Server/Admi
nistration Console,WebLogic Server/Configuration Wizard and
Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
ic Server/Evaluation Database,WebLogic Server/Workshop Code
Completion Support
BEAHome: /home/cams/bea/middleware
ProductHome: /home/cams/bea/middleware/wlserver_10.3
PatchSystemDir: /home/cams/bea/middleware/utils/bsu
PatchDir: /home/cams/bea/middleware/patch_wls1036
Profile: Default
DownloadDir: /home/cams/bea/middleware/utils/bsu/cache_dir
JavaVersion: 1.6.0_29
JavaVendor: Sun
Patch ID: FMJJ
PatchContainer: FMJJ.jar
Checksum: 591477727
Severity: optional
Category: General
CR/BUG: 26519424
Restart: true
Description: WLS PATCH SET UPDATE 10.3.6.0.171017
WLS PATCH SET UPDATE 10
.3.6.0.171017
第四步,使用工具复测漏洞
启动一个weblogic域
cams@SCT-APP:~/bea/middleware/utils/bsu> cd /home/cams/bea/middleware/user_projects/domains/cams_wf/
cams@SCT-APP:~/bea/middleware/user_projects/domains/cams_wf> nohup ./startWebLogic.sh >/dev/null 2>&1 &
[1] 17849
cams@SCT-APP:~/bea/middleware/user_projects/domains/cams_wf> netstat -nlp | grep 7006
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 10.6.3.226:7006 0.0.0.0:* LISTEN 17902/java
tcp 0 0 127.0.0.1:7006 0.0.0.0:* LISTEN 17902/java
测试RCE漏洞
F:\weblogic_wls_wsat_rce-master>python weblogic_wls_wsat_exp.py -t 10.6.3.226:70
06 -c ls
[-]FAIL:404 no output
从测试返回结果“FAIL:404 no output”,显然漏洞已经修复。
3.最后,由于之前操作卸载了反序列化漏洞的补丁,还需使用测试“Java反序列化漏洞”是否存在。经过测试,反序列化漏洞也已经修复。(具体测试工具也可从Github上下载)
上述内容就是Weblogic WLS组件REC漏洞CVE-2017-10271测试与修复方案是什么,你们学到知识或技能了吗?如果还想学到更多技能或者丰富自己的知识储备,欢迎关注编程网行业资讯频道。