<<< JPCERT/CC Alert 2018-01-17 >>>
Alert Regarding Vulnerability (CVE-2017-10271) in Oracle WebLogic Server
JPCERT/CC has observed scans which seem to be targeting a vulnerability
(CVE-2017-10271) in Oracle WebLogic Server.
Figure 1: Scans to 7001/tcp in Japan (October 1, 2017 - January 16, 2018)
JPCERT/CC has received reports on attacks exploiting this vulnerability.
While any relationship with this vulnerability remains unclear, JPCERT/CC
has been observing a number of website compromises where a coin miner is
planted since October, 2017.
This vulnerability may allow arbitrary code execution with privileges of
the server application when a remote attacker sends a specially crafted
request to WLS Security, a component of the Oracle WebLogic Server. Attack
code exploiting this code is publicly available and JPCERT/CC has verified
that this code can be used for exploitation.
A version that addresses this vulnerability has been provided with the
Critical Patch Update on October 18, 2017. Users of affected versions are
recommended to update as soon as possible by referring to the information
in "III. Solution".
II. Affected Products
The following versions of Oracle WebLogic Server are affected by this
- Oracle WebLogic Server 10.3.6.0.0
- Oracle WebLogic Server 188.8.131.52.0
- Oracle WebLogic Server 184.108.40.206.0
- Oracle WebLogic Server 220.127.116.11.0
Oracle has provided a version that addresses this vulnerability. Please
consider updating to this version.
- Oracle WebLogic Server 18.104.22.168.0
Oracle has provided a Critical Patch Update on January 17, 2018. This
Critical Patch Update addresses other vulnerabilities as well. Please
refer to the information provided by Oracle and consider updating to
the latest available version.
Oracle Critical Patch Update Advisory - October 2017
Oracle Critical Patch Update Advisory - January 2018
Information-technology Promotion Agency (IPA)
Attacks exploiting vulnerability in Oracle WebLogic Server (CVE-2017-10271) (Japanese)
If you have any information regarding this alert, please contact
JPCERT Coordination Center (JPCERT/CC)
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602