Go to computer terminal for registration
On June 15, 2019, it was revealed that Oracle WebLogic had 0day command execution vulnerabilities that attackers can send carefully-constructed malicious HTTP requests. If the command is remotely executed without authorization, the risk is extremely high.
Note: Business may be unavailable due to any one of the following repair methods
1. Delete related components of wls-wsat.war and bea_wls9_async_response and reboot WebLogic, such as bea_wls9_async_response.war, com.oracle.webservices.wls.bea-wls9-async-response_*.war and wls-wsat.war
2. Disable Internet access to paths /_async/* and /wls-wsat/* with Identity and Access Management strategy
3. WebLogic ports are forbidden to access any external address or are allowed to access specific safe ip addresses only through the JD Cloud Security Group
We will focus on successive development. Please pay attention to the official announcement.
JD Cloud team2019-06-25 09:59:09