JPCERT-AT-2019-0028
JPCERT/CC
2019-06-19
Oracle
Oracle Security Alert Advisory - CVE-2019-2729
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html
- Oracle WebLogic Server 12.2.1.3.0
- Oracle WebLogic Server 12.1.3.0.0
- Oracle WebLogic Server 10.3.6.0.0
- Oracle WebLogic Server 12.2.1.3.0 *
- Oracle WebLogic Server 12.1.3.0.0 *
- Oracle WebLogic Server 10.3.6.0.0 *
* As of June 19 (JST), the details of patch information cannot be confirmed in public. For more detail of the vulnerability, please contact Oracle.
Some applications that use affected products may not run properly after applying patch. Please apply the patch after considering any possible impacts to applications that you may use.
Oracle
Oracle Security Alert Advisory - CVE-2019-2729
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html
Oracle
Security Alert CVE-2019-2729 Released
https://blogs.oracle.com/security/security-alert-cve-2019-2729-released
Oracle
Lifetime Support Stages for Your Oracle Products
https://www.oracle.com/support/lifetime-support/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-6271-8901 FAX: +81-3-6271-8908
https://www.jpcert.or.jp/english/
JPCERT/CC
2019-06-19
I. Overview
On June 18, 2019 (local time), Oracle released a security advisory regarding a vulnerability (CVE-2019-2729) in Oracle WebLogic Server.According to the advisory, Oracle WebLogic Server contains a deserialization vulnerability. A remote attacker leveraging this vulnerability may execute arbitrary code.Oracle
Oracle Security Alert Advisory - CVE-2019-2729
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html
II. Affected Products
The following versions are affected by this vulnerability.- Oracle WebLogic Server 12.2.1.3.0
- Oracle WebLogic Server 12.1.3.0.0
- Oracle WebLogic Server 10.3.6.0.0
III. Solution
Oracle has released a patch for Oracle WebLogic Server that addresses this vulnerability. It is recommended to apply the patch as soon as possible.- Oracle WebLogic Server 12.2.1.3.0 *
- Oracle WebLogic Server 12.1.3.0.0 *
- Oracle WebLogic Server 10.3.6.0.0 *
* As of June 19 (JST), the details of patch information cannot be confirmed in public. For more detail of the vulnerability, please contact Oracle.
Some applications that use affected products may not run properly after applying patch. Please apply the patch after considering any possible impacts to applications that you may use.
IV. References
Oracle
Oracle Security Alert Advisory - CVE-2019-2729
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html
Oracle
Security Alert CVE-2019-2729 Released
https://blogs.oracle.com/security/security-alert-cve-2019-2729-released
Oracle
Lifetime Support Stages for Your Oracle Products
https://www.oracle.com/support/lifetime-support/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-6271-8901 FAX: +81-3-6271-8908
https://www.jpcert.or.jp/english/