Oracle Weblogic 反序列化漏洞 (CVE-2018-2893 )的补丁升级操作

Oracle官方发布了7月份的关键补丁更新 CPU(CriticalPatchUpdate ),其中包含一个高危的 Weblogic 反序列化漏洞 (CVE-2018-2893 ),该漏洞通过JRMP协议利用RMI机制的缺陷达到执行任意反序列化代码的目。 攻击者可以在未授权情况下将 payload 封装在T3协议中,通过对T3协议中的 payload 进行反序列化,从而实现对存在漏洞的 进行反序列化,从而实现对存在漏洞的WebLogic组件进行远程攻击,执行任意代码并可获取目标系统的所有权限。受影响的颁布为Oracle WebLogicServer 10.3.6.0,Oracle WebLogicServer 12.1.3.0,Oracle WebLogicServer 12.2.1.2,Oracle WebLogicServer 12.2.1.3

Oracle目前已经发布了升级补丁可参考链接”Critical Patch Update (CPU) Program July 2018 Patch Availability Document (PAD) (Doc ID 2394520.1)”

我们的生产环境WebLogic主要是两个版本10.3.6.0与12.1.3.0。下面是具体操作
对于10.3.6.0版本需要执行bsh.sh脚本来进行补丁安装
1.首先下载补丁包27919965_1036_Generic.zip

2.将补丁包27919965_1036_Generic.zip上传到{MW_HOME}/utils/bsu/cache_dir 其中MW_HOME是Weblogic的BASE目录,类似于Oracle BASE目录

3.将补丁包27919965_1036_Generic.zip解压

[root@app1 cache_dir]# unzip p27919965_1036_Generic.zip
Archive:  p27919965_1036_Generic.zip
 extracting: B47X.jar                
  inflating: patch-catalog_26112.xml  
  inflating: README.txt              

4.执行安装命令(bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}) 其中WL_HOME是WebLogic home目录

root@app1 bsu]# ./bsu.sh -install -patch_download_dir=/wls11g/utils/bsu/cache_dir -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3
Checking for conflicts...............
No conflict(s) detected

Installing Patch ID: B47X..
Result: Success

5.检查补丁包是否安装成功

[root@app1 bsu]# ./bsu.sh -prod_dir=/wls11g/wlserver_10.3 -status=applied -verbose -view 
ProductName:       WebLogic Server
ProductVersion:    10.3 MP6
Components:        WebLogic Server/Core Application Server,WebLogic Server/Admi
                   nistration Console,WebLogic Server/Configuration Wizard and 
                   Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
                   r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
                    Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
                   erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
                   erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
                   ic Server/Evaluation Database,WebLogic Server/Workshop Code 
                   Completion Support
BEAHome:           /wls11g
ProductHome:       /wls11g/wlserver_10.3
PatchSystemDir:    /wls11g/utils/bsu
PatchDir:          /wls11g/patch_wls1036
Profile:           Default
DownloadDir:       /wls11g/utils/bsu/cache_dir
JavaVersion:       1.6.0_29
JavaVendor:        Sun


Patch ID:          B47X
PatchContainer:    B47X.jar
Checksum:          -345780037
Severity:          optional
Category:          General
CR/BUG:            27919965
Restart:           true
Description:       WLS PATCH SET UPDATE 10.3.6.0.180717
WLS PATCH SET UPDATE 10
                   .3.6.0.180717

6.重启WebLogic

[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.

Starting weblogic: 
[root@app1 bsu]# .
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=1024m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-

1.6.0-openjdk-

1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl

s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-

contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar:.:/weblogic11_64/jdk1.6.0_20/lib/dt.jar:/weblogic11_64/jdk1.6.0_20/lib/tools.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-

1.6.0.0.x86_64/bin:/weblogic11_64/jdk1.6.0_20/bin:/usr/lib64/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server   -Xms4096m -Xmx4096m  -XX:MaxPermSize=1024m -Dweblogic.Name=AdminServer -

Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy  -Dweblogic.ProductionModeEnabled=true   -da -Dplatform.home=/wls11g/wlserver_10.3 -

Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -

Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath -

Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -verbose:gc -XX:

+PrintGCTimeStamps  -XX:+HeapDumpOnOutOfMemoryError  -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false  

weblogic.Server
<Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -

Dweblogic.security.allowCryptoJDefaultJCEVerification=true> 
<Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -

Dweblogic.security.allowCryptoJDefaultPRNG=true> 

执行重启命令后,weblogic进行自动终止,并且没有生成任何日志与错误信息,如是我选择删除该补丁

7.删除补丁

root@app1 bsu]# ./bsu.sh -remove -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3
Checking for conflicts..............
No conflict(s) detected

Removing Patch ID: B47X..
Result: Success

8.重启WebLogic恢复正常

[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.

Starting weblogic: 
[root@app1 bsu]# .
.
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-

1.6.0-openjdk-

1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl

s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-

contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-

1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server   -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -

Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy  -Dweblogic.ProductionModeEnabled=true   -da -Dplatform.home=/wls11g/wlserver_10.3 -

Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -

Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath -

Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -verbose:gc -XX:

+PrintGCTimeStamps  -XX:+HeapDumpOnOutOfMemoryError  -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false  

weblogic.Server
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -

Dweblogic.security.allowCryptoJDefaultJCEVerification=true> 
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -

Dweblogic.security.allowCryptoJDefaultPRNG=true> 
<Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.> 
<Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 > 
<Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> 
<Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool> 
<Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All 

server side log events will be written to this file.> 
<Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> 
<Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at 

'/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.> 
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY> 
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> 

9.由于安装补丁后不能正常启动weblogic所以选择禁用T3协议
登录控制台后在 bash_domain的配置页面中选择“安全”选项卡页面,再点击”筛选器”并在连接筛选器规则中设置以下规则

127.0.0.1 * * allow t3 t3s
0.0.0.0/0 * * deny t3 t3s


10.然后重新启动weblogic

[root@app1 bsu]# service weblogic restart
Stopping weblogic: weblogic is not running.

Starting weblogic: 
[root@app1 bsu]# .
.
JAVA Memory arguments: -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m
.
WLS Start Mode=Production
.
CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java-

1.6.0-openjdk-

1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl

s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-

contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar
.
PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk-

1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.6.0"
OpenJDK  Runtime Environment (build 1.6.0-b09)
OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode)
Starting WLS with line:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server   -Xms4096m -Xmx4096m  -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -

Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy  -Dweblogic.ProductionModeEnabled=true   -da -Dplatform.home=/wls11g/wlserver_10.3 -

Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -

Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath -

Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server   -Dweblogic.management.discover=true  -verbose:gc -XX:

+PrintGCTimeStamps  -XX:+HeapDumpOnOutOfMemoryError  -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false  

weblogic.Server
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -

Dweblogic.security.allowCryptoJDefaultJCEVerification=true> 
<Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -

Dweblogic.security.allowCryptoJDefaultPRNG=true> 
<Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.> 
<Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050 > 
<Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> 
<Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool> 
<Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All 

server side log events will be written to this file.> 
<Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> 
<Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at 

'/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.> 
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY> 
<Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> 

对于12.1.3.0版本使用OPatch来进行补丁安装
1.将最新的OPatch工具上传到WebLogic所在服务器并解压

[root@ldjc wls12c]# unzip p6880880_132000_Generic.zip
Archive:  p6880880_132000_Generic.zip
replace OPatch/ocm/lib/emocmutl.jar? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: OPatch/ocm/lib/emocmutl.jar  
replace OPatch/ocm/doc/dummy.txt? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
 extracting: OPatch/ocm/doc/dummy.txt  
 extracting: OPatch/ocm/bin/dummy    
  inflating: OPatch/ocm/ocm_platforms.txt  
 extracting: OPatch/ocm/generic.zip  
  inflating: OPatch/oplan/README.html  
  inflating: OPatch/oplan/oplan      
  inflating: OPatch/oplan/README.txt  
  inflating: OPatch/oplan/jlib/EMrepoDrivers.jar  
  inflating: OPatch/oplan/jlib/automation.jar  
  inflating: OPatch/oplan/jlib/Validation.jar  
  inflating: OPatch/oplan/jlib/apache-commons/commons-cli-1.0.jar  
  inflating: OPatch/oplan/jlib/CRSProductDriver.jar  
  inflating: OPatch/oplan/jlib/OsysModel.jar  
  inflating: OPatch/oplan/jlib/oplan.jar  
  inflating: OPatch/oplan/jlib/jaxb/activation.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-api.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-impl.jar  
  inflating: OPatch/oplan/jlib/jaxb/jsr173_1.0_api.jar  
  inflating: OPatch/oplan/jlib/ValidationRules.jar  
  inflating: OPatch/oplan/jlib/patchsdk.jar  
  inflating: OPatch/oplan/jlib/osysmodel-utils.jar  
  inflating: OPatch/oplan/jlib/oracle.oplan.classpath.jar  
  inflating: OPatch/operr.bat        
  inflating: OPatch/opatchprereqs/oui/knowledgesrc.xml  
   creating: OPatch/opatchprereqs/opatch/
  inflating: OPatch/opatchprereqs/opatch/opatch_prereq.xml  
  inflating: OPatch/opatchprereqs/opatch/rulemap.xml  
  inflating: OPatch/opatchprereqs/opatch/runtime_prereq.xml  
  inflating: OPatch/opatchprereqs/opatch_prereq.sh  
  inflating: OPatch/opatchprereqs/prerequisite.properties  
  inflating: OPatch/opatch           
  inflating: OPatch/emdpatch.pl      
  inflating: OPatch/version.txt      
  inflating: OPatch/opatch.ini       
  inflating: OPatch/operr            
  inflating: OPatch/README.txt       
  inflating: OPatch/opatch.pl        
  inflating: OPatch/scripts/opatch_wls.bat  
  inflating: OPatch/scripts/opatch_jvm_discovery.bat  
  inflating: OPatch/scripts/opatch_wls  
  inflating: OPatch/scripts/opatch_jvm_discovery  
  inflating: OPatch/docs/operr_readme.txt  
  inflating: OPatch/docs/README.txt  
  inflating: OPatch/jlib/oracle.opatch.classpath.windows.jar  
  inflating: OPatch/jlib/opatchsdk.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.unix.jar  
  inflating: OPatch/jlib/opatch.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.jar  
  inflating: OPatch/opatch.bat       

[root@ldjc wls12c]# chown -R xxxx:xxxx /wls12c/OPatch

2.将补丁包上传unzip p27919943_121300_Generic.zip到WebLogic所在服务器并解压

[root@ldjc soft]# unzip p27919943_121300_Generic.zip
Archive:  p27919943_121300_Generic.zip
   creating: 27919943/
   creating: 27919943/etc/
   creating: 27919943/etc/config/
  inflating: 27919943/etc/config/actions.xml  
  inflating: 27919943/etc/config/inventory.xml  
   creating: 27919943/files/
   creating: 27919943/files/inventory/
   creating: 27919943/files/inventory/Components/
   creating: 27919943/files/inventory/Components/oracle.css.mod/
   creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/
   creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/
   creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/22153233/
  inflating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/22153233/compDef.xml  
   creating: 27919943/files/inventory/Components/oracle.fmwconfig.common.shared/
...省略...

3.安装补丁

[weblogic@ldjc OPatch]$ ./opatch apply /soft/27919943/
Oracle Interim Patch Installer version 13.2.0.0.0
Copyright (c) 2014, Oracle Corporation.  All rights reserved.


Oracle Home       : /wls12c
Central Inventory : /home/weblogic/oraInventory
   from           : /wls12c/oraInst.loc
OPatch version    : 13.2.0.0.0
OUI version       : 13.2.0.0.0
Log file location : /wls12c/cfgtoollogs/opatch/27919943_Jul_20_2018_06_54_37/apply2018-07-20_06-54-29AM_1.log


OPatch detects the Middleware Home as "/wls12c"

Jul 20, 2018 6:54:41 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl
INFO: Install area Control created with access level  0
Applying interim patch '27919943' to OH '/wls12c'
Verifying environment and performing prerequisite checks...
Interim patch 27919943 is a superset of the patch(es) [  22250567 21370953 ] in the Oracle Home
OPatch will roll back the subset patches and apply the given patch.
All checks passed.

Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/wls12c')


Is the local system ready for patching? [y|n]
y
User Responded with: Y
Backing up files...
Rolling back interim patch '22250567' from OH '/wls12c'

Patching component oracle.wls.libraries, 12.1.3.0.0...

Patching component oracle.wls.libraries, 12.1.3.0.0...

Patching component oracle.wls.clients, 12.1.3.0.0...

Patching component oracle.wls.clients, 12.1.3.0.0...
RollbackSession removing interim patch '22250567' from inventory
Rolling back interim patch '21370953' from OH '/wls12c'

Patching component oracle.wls.libraries, 12.1.3.0.0...

Patching component oracle.wls.libraries, 12.1.3.0.0...

Patching component oracle.wls.clients, 12.1.3.0.0...

Patching component oracle.wls.clients, 12.1.3.0.0...

Patching component oracle.wls.core.app.server, 12.1.3.0.0...

Patching component oracle.wls.core.app.server, 12.1.3.0.0...

Patching component oracle.wls.libraries.mod, 12.1.3.0.0...

Patching component oracle.wls.libraries.mod, 12.1.3.0.0...

Patching component oracle.webservices.wls, 12.1.3.0.0...

Patching component oracle.webservices.wls, 12.1.3.0.0...

Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...

Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...

Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...

Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...

Patching component oracle.wls.admin.console.en, 12.1.3.0.0...

Patching component oracle.wls.admin.console.en, 12.1.3.0.0...
RollbackSession removing interim patch '21370953' from inventory


OPatch back to application of the patch '27919943' after auto-rollback.


Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...

Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0...

Patching component oracle.css.mod, 12.1.3.0.0...

Patching component oracle.css.mod, 12.1.3.0.0...

Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0...

Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0...

Patching component oracle.wls.common.nodemanager, 12.1.3.0.0...

Patching component oracle.wls.common.nodemanager, 12.1.3.0.0...

Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...

Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0...

Patching component oracle.webservices.base, 12.1.3.0.0...

Patching component oracle.webservices.base, 12.1.3.0.0...

Patching component oracle.wls.shared.with.cam, 12.1.3.0.0...

Patching component oracle.wls.shared.with.cam, 12.1.3.0.0...

Patching component oracle.webservices.orawsdl, 12.1.3.0.0...

Patching component oracle.webservices.orawsdl, 12.1.3.0.0...

Patching component oracle.wls.libraries.mod, 12.1.3.0.0...

Patching component oracle.wls.libraries.mod, 12.1.3.0.0...

Patching component oracle.wls.admin.console.en, 12.1.3.0.0...

Patching component oracle.wls.admin.console.en, 12.1.3.0.0...

Patching component oracle.wls.core.app.server, 12.1.3.0.0...

Patching component oracle.wls.core.app.server, 12.1.3.0.0...

Patching component oracle.webservices.wls, 12.1.3.0.0...

Patching component oracle.webservices.wls, 12.1.3.0.0...

Patching component oracle.wls.clients, 12.1.3.0.0...

Patching component oracle.wls.clients, 12.1.3.0.0...

Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0...

Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0...

Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0...

Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0...

Patching component oracle.wls.libraries, 12.1.3.0.0...

Patching component oracle.wls.libraries, 12.1.3.0.0...

Verifying the update...
Patch 27919943 successfully applied
Log file location: /wls12c/cfgtoollogs/opatch/27919943_Jul_20_2018_06_54_37/apply2018-07-20_06-54-29AM_1.log

OPatch succeeded.

4.查看补丁是否安装成功从输出结果可以看到已经安装成功

[weblogic@ldjc OPatch]$ ./opatch lspatches
Jul 20, 2018 7:00:17 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl
INFO: Install area Control created with access level  0
27919943;WLS PATCH SET UPDATE 12.1.3.0.180717
20741228;JDBC 12.1.3.1 BP1

OPatch succeeded.

5.重启weblogic

[root@ldjc base_domain]# service weblogic restart
Stopping weblogic: 
Starting weblogic: 
.
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=256m
.
CLASSPATH=/opt/jdk1.7.0_75/lib/tools.jar:/wls12c/wlserver/server/lib/weblogic_sp.jar:/wls12c/wlserver/server/lib/weblogic.jar:/wls12c/wlserver/../oracle_common/modules/net.sf.antcontrib_1.1

.0.0_1-0b3/lib/ant-contrib.jar:/wls12c/wlserver/modules/features/oracle.wls.common.nodemanager_2.0.0.0.jar:/wls12c/wlserver/../oracle_common/modules/com.oracle.cie.config-wls-

online_8.1.0.0.jar:/wls12c/wlserver/common/derby/lib/derbyclient.jar:/wls12c/wlserver/common/derby/lib/derby.jar:/wls12c/wlserver/server/lib/xqrl.jar
.
PATH=/wls12c/wlserver/server/bin:/wls12c/wlserver/../oracle_common/modules/org.apache.ant_1.9.2/bin:/opt/jdk1.7.0_75/jre/bin:/opt/jdk1.7.0_75/bin:/sbin:/usr/sbin:/bin:/usr/bin
.
***************************************************
*  To start WebLogic Server, use a username and   *
*  password assigned to an admin-level user.  For *
*  server administration, use the WebLogic Server *
*  console at http://hostname:port/console        *
***************************************************
starting weblogic with Java version:
java version "1.7.0_75"
Java(TM) SE Runtime Environment (build 1.7.0_75-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.75-b04, mixed mode)
Starting WLS with line:
/opt/jdk1.7.0_75/bin/java -server   -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -

Djava.security.policy=/wls12c/wlserver/server/lib/weblogic.policy  -Xverify:none -Djava.endorsed.dirs=/opt/jdk1.7.0_75/jre/lib/endorsed:/wls12c/wlserver/../oracle_common/modules/endorsed  

-da -Dwls.home=/wls12c/wlserver/server -Dweblogic.home=/wls12c/wlserver/server     -Dweblogic.utils.cmm.lowertier.ServiceDisabled=true  weblogic.Server


<Jul 20, 2018 7:20:33 AM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls12c/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All 

server side log events will be written to this file.> 
<Jul 20, 2018 7:20:35 AM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> 
<Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://192.168.1.249:7001/jndi/weblogic.management.mbeanservers.runtime.> 
<Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://192.168.1.249:7001/jndi/weblogic.management.mbeanservers.domainruntime.> 
<Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://12.18.1.249:7001/jndi/weblogic.management.mbeanservers.edit.> 
<Jul 20, 2018 7:20:36 AM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3 was not deployed. Error: 

[Deployer:149158]No application files exist at "/wls12c/wlserver/server/lib/../../../oracle_common/modules/com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3.war".> 
<Jul 20, 2018 7:20:36 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY.> 
<Jul 20, 2018 7:20:36 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING.> 

到此补丁升级完成

2 thoughts on “Oracle Weblogic 反序列化漏洞 (CVE-2018-2893 )的补丁升级操作

  1. 谢谢你的文章,我打了补丁一直无法启动,各种找原因,看到你文章 才考虑卸载补丁,结果wls可以启动了

发表评论

电子邮件地址不会被公开。