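  • WebLogic 11g (10.3.6) on Windows: PSU upgrade to 10.3.6.0.171017 (Java deserialization vulnerability fix)

    WebLogic 10.3.6 needs to be patched to 10.3.6.0.171017 (the October 2017 patch, which addresses the Java deserialization vulnerability). Oracle recommends applying at least the October 2017 patch. Versions below 10.3.6 must first be upgraded to 10.3.6 and then patched.

    I. Check the version

    1. Use the following command to set up the environment variables again
    D:\Oracle\Middleware\wlserver_10.3\server\bin
    setWLSEnv.cmd

    1.1. Check the WebLogic version

    D:\Oracle\Middleware\utils\bsu>java weblogic.version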

    WebLogic Server Temporary Patch for BUG22248372 Tue Nov 24 00:35:04 MST 2015
    WebLogic Server 10.3.6.0.12 PSU Patch for BUG20780171 THU JUN 18 15:54:42 IST 2015
    WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050

    Use 'weblogic.version -verbose' to get subsystem information

    Use 'weblogic.utils.Versions' to get version information for all modules

    D:\Oracle\Middleware\utils\bsu

    C:\Program Files (x86)\Java\jdk1.6.0_43

    1.2. Detailed WebLogic version information
    D:\Oracle\Middleware\utils\bsu>java weblogic.version -verbose

    WebLogic Server Temporary Patch for BUG22248372 Tue Nov 24 00:35:04 MST 2015 ImplVersion: 10.3.6.0
    WebLogic Server 10.3.6.0.12 PSU Patch for BUG20780171 THU JUN 18 15:54:42 IST 2015 ImplVersion: 10.3.6.0
    WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 ImplVersion: 10.3.6.0
    Oracle WebLogic Server Module Dependencies 10.3 Thu Sep 29 17:47:37 EDT 2011 ImplVersion: 10.3.6.0
    Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies 10.3 Wed Jun 15 17:54:24 EDT 2011 ImplVersion: 10.3.6.0
    Oracle Virtual Machine Manager Client implementation ImplVersion: 1.1.0.0
    WebLogic Descriptors for J2EE 1.6 Wed Dec 1 17:14:50 EST 2010 ImplVersion: 1.6.0.0
    WebLogic Descriptors for J2EE 1.6 Binding Bundle ImplVersion: 1.6.0.0
    WebLogic Specific Descriptors 1.4 Mon Aug 8 09:26:15 MDT 2011 ImplVersion: 1.4.0.0
    WebLogic Specific Descriptors 1.4 Binding Bundle ImplVersion: 1.4.0.0
    WebLogic Datasource 1.10 Sat Nov 12 08:11:09 PST 2011 ImplVersion: 1.10.0.0
    WebLogic Datasource 1.10 Binding Bundle ImplVersion: 1.10.0.0
    WebLogic Beangen Client Capable 1.7 Wed Feb 24 16:02:48 PST 2010 ImplVersion: 1.7.0.0
    WebLogic Beangen 1.7 Binding Bundle ImplVersion: 1.7.0.0
    WebLogic Management Core Interfaces Client Capable 2.9 Thu Aug 11 17:17:14 PDT 2011 ImplVersion: 2.9.0.1
    WebLogic Management Core Interfaces 2.9 Binding Bundle ImplVersion: 2.9.0.1
    WebLogic EJBGen Client Capable 1.1 Tue Nov 2 03:30:53 PDT 2010 ImplVersion: 1.1.0.3
    WebLogic STAX Client Capable 1.10 Wed Jun 8 09:12:28 EDT 2011 ImplVersion: 1.10.0.0
    WebLogic Utils Client Capable 1.10 Sat Oct 29 15:34:23 MDT 2011 ImplVersion: 1.10.0.0
    WebLogic SAAJ 1.8 Mon Oct 17 02:49:29 PDT 2011 ImplVersion: 1.8.0.0
    WebLogic Apache Classes Client Capable 1.3 Mon Sep 19 23:58:26 EDT 2011 ImplVersion: 1.3.0.1
    WebLogic BeanInfo Caching and Discovery Client Capable 2.4 Sat Oct 25 20:46:29 PDT 2008 ImplVersion: 2.4.0.0
    WebLogic Descriptor Client Capable 1.10 Wed Aug 10 12:59:06 PDT 2011 ImplVersion: 1.10.0.0
    Oracle JFR 1.0 Thu Feb 18 19:06:33 PST 2010 ImplVersion: 1.0.0.0
    WebLogic Diagnostics Core Interfaces Client Capable 2.6 Thu Oct 6 01:11:08 EDT 2011 ImplVersion: 2.6.0.0
    WebLogic Diagnostics Logging Client Capable 1.2 Fri Dec 12 11:37:59 MST 2008 ImplVersion: 1.2.0.0
    WebLogic Diagnostics Query Module Client Capable 1.3 Fri Jul 1 07:32:00 PDT 2011 ImplVersion: 1.3.0.0
    WebLogic Diagnostics Instrumentor Tool 1.8 Thu Oct 6 01:11:08 EDT 2011 ImplVersion: 1.8.0.0
    WebLogic Diagnostics Instrumentor Config Tool 1.8 Thu Oct 6 01:11:08 EDT 2011 ImplVersion: 1.8.0.0
    WebLogic Diagnostics JRockit Flight Recorder Interfaces Client Capable 1.2 Wed Dec 1 17:41:28 EST 2010 ImplVersion: 1.2.0.0
    WebLogic i18n Runtime Support Client Capable 1.9 Thu Sep 1 07:41:47 PDT 2011 ImplVersion: 1.9.0.0
    WebLogic i18n Build Support Client Capable 1.5 Fri Feb 19 15:03:15 EST 2010 ImplVersion: 1.5.0.0
    WebLogic I18N tools Client Capable 1.4 Thu Sep 1 07:41:47 PDT 2011 ImplVersion: 1.4.0.0
    WebLogic Management JMX Interfaces 1.4 Fri Sep 16 16:19:28 EDT 2011 ImplVersion: 1.4.2.0
    WebLogic Security Provider Generation Tool 1.5 Wed Oct 14 16:39:28 MDT 2009 ImplVersion: 1.5.0.0
    WebLogic Security Provider Generation Tool Client Capable 1.5 Wed Oct 14 16:39:28 MDT 2009 ImplVersion: 1.5.0.0
    WebLogic Messaging Kernel Client Capable 1.8 Mon Aug 23 21:42:11 EDT 2010 ImplVersion: 1.8.0.0
    WebLogic Resource Pool Client Capable 1.8 Thu Oct 6 16:06:35 PDT 2011 ImplVersion: 1.8.0.0
    WebLogic Socket Muxer API Client Capable 1.3 Thu Aug 18 16:24:35 EDT 2011 ImplVersion: 1.3.0.0
    WebLogic RMI Client Capable 1.11 Tue Sep 20 15:07:37 EDT 2011 ImplVersion: 1.11.0.0
    WebLogic Store Client Capable 1.8 Mon Oct 3 09:57:28 PDT 2011 ImplVersion: 1.8.0.0
    WebLogic STORE GXA Client Capable 1.7 Fri Apr 1 14:30:50 PDT 2011 ImplVersion: 1.7.0.0
    WebLogic Store Admin Tool Client Capable 1.3 Thu Apr 28 09:32:45 PDT 2011 ImplVersion: 1.3.0.0
    WebLogic JDBC Store Client Capable 1.3 Fri Sep 16 08:41:14 MDT 2011 ImplVersion: 1.3.1.0
    WebLogic JTA implementation Client Capable 2.7 Sat Oct 15 07:12:58 PDT 2011 ImplVersion: 2.7.1.0
    WebLogic Utils 1.10 Sat Oct 29 15:34:23 MDT 2011 ImplVersion: 1.10.0.0
    WebLogic Utility Classloader implementations Client Capable 2.0 Wed May 18 10:00:41 PDT 2011 ImplVersion: 2.0.0.0
    WebLogic java compiler utils package Client Capable 1.2 Thu Feb 11 03:38:50 EST 2010 ImplVersion: 1.2.0.0
    WebLogic Utils for working with Expressions Client Capable 1.4 Tue Sep 29 14:45:53 EDT 2009 ImplVersion: 1.4.0.0
    WebLogic Utils for Dynamically Generated Class Wrappers Client Capable 1.4 Fri Feb 13 14:44:23 MST 2009 ImplVersion: 1.4.0.0
    WebLogic Timers Client Capable 1.7 Fri Feb 4 14:23:26 MST 2011 ImplVersion: 1.7.1.0
    WebLogic Work Manager Client Capable 1.11 Thu Oct 6 11:12:55 PDT 2011 ImplVersion: 1.11.0.0
    WebLogic Workarea Client Capable 1.8 Tue Jun 28 04:08:48 EDT 2011 ImplVersion: 1.8.0.0
    WebLogic XML XPath Implementation Client Capable 1.5 Thu Sep 1 22:11:12 EDT 2011 ImplVersion: 1.5.0.0
    WebLogic Security 1.0 Fri Aug 19 08:44:53 MDT 2011 ImplVersion: 6.2.0.0
    WebLogic security ssl classes 1.0 Tue Jun 15 17:39:53 EDT 2010 ImplVersion: 1.0.0.0
    WebLogic Nodemanager Plugin Client Capable 1.3 Tue Nov 18 18:23:10 EST 2008 ImplVersion: 1.3.0.0
    WebLogic JMS Pool Client Capable 1.9 Wed Apr 13 13:03:26 EDT 2011 ImplVersion: 1.9.0.0
    WebLogic Http Pub/Sub Module Client Capable 1.7 Fri Jul 8 13:06:46 EDT 2011 ImplVersion: 1.7.0.0
    WebLogic WebApp Container Public API Client Capable 1.4 Fri Oct 1 20:01:15 PDT 2010 ImplVersion: 1.4.0.0
    WebLogic Coherence Descriptor 1.2 Thu Sep 1 08:29:31 PDT 2011 ImplVersion: 1.2.0.0
    WebLogic Coherence Descriptor 1.2 Binding Bundle ImplVersion: 1.2.0.0
    WebLogic WebService Public API's 1.1 Tue Sep 21 22:15:05 EDT 2010 ImplVersion: 1.1.0.0
    WebLogic EclipseLink Integration 1.0 Thu Feb 25 14:56:43 PST 2010 ImplVersion: 1.0.0.0
    WebLogic SCA Client 1.0 Thu Feb 25 00:27:10 EST 2010 ImplVersion: 1.0.0.0
    WebLogic RAC Module UCP Client Capable 1.1 Thu Oct 6 16:06:35 PDT 2011 ImplVersion: 1.1.0.0
    Oracle Universal Connection Pool ImplVersion: 11.2.0.3.0

    SERVICE NAME VERSION INFORMATION
    ============ ===================
    Kernel Commonj WorkManager v1.1
    TimerService Commonj TimerManager v1.1
    CorbaService CORBA 2.3, IIOP 1.2, RMI-IIOP SFV2, OTS 1.2, CSIv2 Level 0 + Stateful
    XMLService XML 1.1
    Transaction Service JTA 1.1
    JDBCService JSR-221, JDBC 4.0
    CustomResourceServerService 1.0.0.0
    Servlet Container Servlet 2.5, JSP 2.1
    WebServices JSR-173, JAX-RPC, JSR-109, WSDL, WS-Addressing, WS-Policy, JAX-B, JAX-R, UDDI, WS-Management(HP), JAXP-1.3, WS-Security
    Transaction Stop Service JTA 1.1
    Pre Admin Singleton Services S 1.0
    Singleton Services Batch Manag 1.0
    Post Admin Singleton Services 1.0
    EJB Container EJB 3.0
    MDBService EJB 3.0
    EJBTimerService EJB 3.0
    J2EE Connector 1.5
    JMS Service JMS 1.1


    D:\Oracle\Middleware\utils\bsu>


    1.3. Detailed WebLogic version information (applied patches)
    D:\Oracle\Middleware\utils\bsu>bsu.cmd -prod_dir=D:\Oracle\Middleware\wlserver_10.3 -status=applied -verbose -view

    The command fails with the following error:
    D:\Oracle\Middleware\utils\bsu>bsu.cmd -prod_dir=D:\Oracle\Middleware\wlserver_10.3 -status=applied -verbose -view
    Exception in thread "Thread-0" Exception in thread "Main Thread" java.lang.OutOfMemoryError
    java.lang.NoClassDefFoundError: com/bea/plateng/patch/PatchSystem
    at com.bea.plateng.patch.PatchClientHelper.getAllPatchDetails(PatchClientHelper.java:74)
    at com.bea.plateng.patch.PatchInstallationHelper.cleanupPatchSets(PatchInstallationHelper.java:130)
    at com.bea.plateng.patch.PatchTarget.<init>(PatchTarget.java:272)
    at com.bea.plateng.patch.PatchTargetFactory.create(PatchTargetFactory.java:30)
    at com.bea.plateng.patch.PatchTargetHelper.getPatchTargets(PatchTargetHelper.java:204)
    at com.bea.plateng.patch.PatchTargetHelper.updatePatchTargets(PatchTargetHelper.java:119)
    at com.bea.plateng.patch.PatchTargetHelper.getAllPatchTargets(PatchTargetHelper.java:74)
    at com.bea.plateng.patch.PatchTargetHelper.getPatchTarget(PatchTargetHelper.java:247)
    at com.bea.plateng.patch.Patch.getPatchTarget(Patch.java:432)
    at com.bea.plateng.patch.Patch.getPatchTarget(Patch.java:416)
    at com.bea.plateng.patch.Patch.main(Patch.java:251)

    The environment variables are fine; the fix is to increase the JVM memory settings in bsu.cmd:
    =======================================================
    @ECHO OFF
    SETLOCAL

    SET JAVA_HOME=D:\Oracle\Middleware\jrockit_160_29_D1.2.0-10
    FOR %%i IN ("%JAVA_HOME%") DO SET JAVA_HOME=%%~fsi

    REM Use java when an argument is passed, javaw otherwise
    SET JAVA=%1
    IF DEFINED JAVA (
    SET JAVA=java
    ) ELSE (
    SET JAVA=javaw
    )

    REM Value after the change (larger heap so that bsu no longer runs out of memory)
    set MEM_ARGS=-Xms512m -Xmx1024m

    "%JAVA_HOME%\bin\%JAVA%" %MEM_ARGS% -jar patch-client.jar %*

    ENDLOCAL
    =========================================================
    With the change in place, the output is displayed normally:

    D:\Oracle\Middleware\utils\bsu>bsu.cmd -prod_dir=D:\Oracle\Middleware\wlserver_10.3 -status=applied -verbose -view
    ProductName: WebLogic Server
    ProductVersion: 10.3 MP6
    Components: WebLogic Server/Core Application Server,WebLogic Server/Admi
    nistration Console,WebLogic Server/Configuration Wizard and
    Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
    r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
    Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
    erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
    erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
    ic Server/Evaluation Database,WebLogic Server/Workshop Code
    Completion Support
    BEAHome: D:\Oracle\Middleware
    ProductHome: D:\Oracle\Middleware\wlserver_10.3
    PatchSystemDir: D:\Oracle\Middleware\utils\bsu
    PatchDir: D:\Oracle\Middleware\patch_wls1036
    Profile: Default
    DownloadDir: D:\Oracle\Middleware\utils\bsu\cache_dir
    JavaHome: D:\Oracle\Middleware\jdk160_29
    JavaVersion: 1.6.0_29
    JavaVendor: Sun


    Patch ID: EJUW
    PatchContainer: EJUW.jar
    Checksum: 1554039558
    Severity: optional
    Category: General
    CR/BUG: 20780171
    Restart: true
    Description: WLS PATCH SET UPDATE 10.3.6.0.12
    WLS PATCH SET UPDATE 10.3.6.0.12

    Patch ID: ZLNA
    PatchContainer: ZLNA.jar
    Checksum: -894774340
    Severity: optional
    Category: Security
    CR/BUG: 22248372
    Restart: true
    Description: WEBLOGIC SERVER CVE-2015-4852 SECURITY ALERT PATCH (NOV 2015
    )
    WEBLOGIC SERVER CVE-2015-4852 SECURITY ALERT PATCH (NOV 20
    15)

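    II. Apply the patch
    First remove the patches that were applied previously.
    ====================================================
    Removal (installing FMJJ directly fails because it conflicts with the already applied patches EJUW and ZLNA):
    D:\Oracle\Middleware\utils\bsu>bsu.cmd -install -patch_download_dir=d:\Oracle\Middleware\utils\bsu\cache_dir -patchlist=FMJJ -prod_dir=D:\Oracle\Middleware\wlserver_10.3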
    检查冲突..........
    检测到冲突 - 解决冲突情形并重新执行补丁程序安装
    下面是冲突情形详细资料:
    补丁程序 FMJJ 与以下补丁程序互相排斥且不能共存: EJUW,ZLNA
    终止批处理操作吗(Y/N)? y

    D:\Oracle\Middleware\utils\bsu>

    - Stop all WebLogic Servers
    - Navigate to the {MW_HOME}/utils/bsu directory.
    - Execute bsu.sh -remove -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}

    D:\Oracle\Middleware\utils\bsu>bsu.cmd -remove -patchlist=ZLNA -prod_dir=D:\Oracle\Middleware\wlserver_10.3
    D:\Oracle\Middleware\utils\bsu>bsu.cmd -remove -patchlist=EJUW -prod_dir=D:\Oracle\Middleware\wlserver_10.3
    检查冲突...........
    检测到冲突 - 解决冲突情形并重新执行补丁程序删除过程
    下面是冲突情形详细资料:
    必须先删除下列补丁程序, 才能删除所选补丁程序: ZLNA

    D:\Oracle\Middleware\utils\bsu>
    D:\Oracle\Middleware\utils\bsu>bsu.cmd -remove -patchlist=ZLNA -prod_dir=D:\Oracle\Middleware\wlserver_10.3
    检查冲突...........
    未检测到冲突

    删除补丁程序 ID: ZLNA..
    结果: 成功

    D:\Oracle\Middleware\utils\bsu>
    D:\Oracle\Middleware\utils\bsu>bsu.cmd -remove -patchlist=EJUW -prod_dir=D:\Oracle\Middleware\wlserver_10.3
    检查冲突...........
    未检测到冲突

    删除补丁程序 ID: EJUW..
    结果: 成功


    Post-Uninstallation Instructions
    --------------------------------
    a) Restart all WebLogic Servers.
    ====================================================

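    1. Unzip the patch archive. It contains two files, one .jar and one .xml. Copy both files into utils/bsu/cache_dir under the WebLogic directory; if cache_dir does not exist, create it. You can also use a directory of your own choosing.

    unzip p26519424_1036_Generic.zip to {MW_HOME}/utils/bsu/cache_dir

    2. Apply the patch
    D:\Oracle\Middleware\utils\bsu>bsu.cmd -install -patch_download_dir=d:\Oracle\Middleware\utils\bsu\cache_dir -patchlist=FMJJ -prod_dir=D:\Oracle\Middleware\wlserver_10.3

    Notes
    -patch_download_dir is the directory that holds the two files from the previous step
    -prod_dir is the WebLogic home directory
    -patchlist is the patch ID, which is the file name of the .jar file in the patch archive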


    ======================================

     After a long wait, the tool reports:

    ======================================

    D:\Oracle\Middleware\utils\bsu>bsu.cmd -install -patch_download_dir=d:\Oracle\Middleware\utils\bsu\cache_dir -patchlist=FMJJ -prod_dir=D:\Oracle\Middleware\wlserver_10.3
    检查冲突.........
    未检测到冲突

    正在安装补丁程序 ID: FMJJ..
    结果: 成功

    D:\Oracle\Middleware\utils\bsu>

    III. Verification

    a) Restart all WebLogic servers.
    b) The following command is a simple way to determine the application of WebLogic Server PSU.

    D:\Oracle\Middleware\wlserver_10.3\server\bin>setWLSEnv.cmd

    D:\Oracle\Middleware\utils\bsu>bsu.cmd -prod_dir=D:\Oracle\Middleware\wlserver_10.3 -status=applied -verbose -view
    ProductName: WebLogic Server
    ProductVersion: 10.3 MP6
    Components: WebLogic Server/Core Application Server,WebLogic Server/Admi
    nistration Console,WebLogic Server/Configuration Wizard and
    Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve
    r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC
    Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S
    erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S
    erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog
    ic Server/Evaluation Database,WebLogic Server/Workshop Code
    Completion Support
    BEAHome: D:\Oracle\Middleware
    ProductHome: D:\Oracle\Middleware\wlserver_10.3
    PatchSystemDir: D:\Oracle\Middleware\utils\bsu
    PatchDir: D:\Oracle\Middleware\patch_wls1036
    Profile: Default
    DownloadDir: d:\Oracle\Middleware\utils\bsu\cache_dir
    JavaHome: D:\Oracle\Middleware\jdk160_29
    JavaVersion: 1.6.0_29
    JavaVendor: Sun


    Patch ID: FMJJ
    PatchContainer: FMJJ.jar
    Checksum: 591477727
    Severity: optional
    Category: General
    CR/BUG: 26519424
    Restart: true
    Description: WLS PATCH SET UPDATE 10.3.6.0.171017 WLS PATCH SET UPDATE 10.3.6.0.171017


    java weblogic.version

    In the following example output, 10.3.6.0.171017 is the installed WebLogic Server PSU.

    WebLogic Server 10.3.6.0.171017 PSU Patch for BUG26519424



    When WebLogic is started at this point, the standard output also shows that the new patch has been loaded:
    <2015-10-26 下午02时43分41秒 CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0.12 PSU P
    atch for BUG20780171 THU JUN 18 15:54:42 IST 2015
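
The verification step above, automated as an added example (not part of the original article or of Oracle's tooling): a Python parser for saved `bsu.cmd -status=applied -verbose -view` output that reports whether the applied PSU is at least 10.3.6.0.171017. The two sample listings are constructed and abridged from the output shown on this page, and the function names are this example's own.

```python
import re

# Constructed sample (abridged bsu view before the upgrade; ZLNA's Description wraps).
BEFORE = """\
ProductName: WebLogic Server

Patch ID: EJUW
CR/BUG: 20780171
Description: WLS PATCH SET UPDATE 10.3.6.0.12

Patch ID: ZLNA
Category: Security
Description: WEBLOGIC SERVER CVE-2015-4852 SECURITY ALERT PATCH (NOV 2015
)
"""
# Constructed sample: state after installing FMJJ.
AFTER = """\
Patch ID: FMJJ
Description: WLS PATCH SET UPDATE 10.3.6.0.171017
"""

FIELD = re.compile(r"^\s*([A-Za-z/ ]+?):\s*(.*)$")
PSU = re.compile(r"PATCH SET UPDATE (\d+(?:\.\d+)+)")

def parse_patches(text):
    """One dict per 'Patch ID:' block; wrapped lines extend the previous field."""
    patches, last = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Patch ID":
            patches.append({})
        if not patches or not line.strip():
            continue  # product header or blank separator
        if m:
            last = m.group(1)
            patches[-1][last] = m.group(2)
        else:
            patches[-1][last] += line.strip()
    return patches

def psu_level(patches):
    """Highest PSU version among applied patches as an int tuple, else None."""
    found = (PSU.search(p.get("Description", "")) for p in patches)
    return max((tuple(map(int, m.group(1).split("."))) for m in found if m),
               default=None)

def is_compliant(text, minimum="10.3.6.0.171017"):
    level = psu_level(parse_patches(text))
    return level is not None and level >= tuple(map(int, minimum.split(".")))
```

Comparing the version as a tuple of integers matters here: a plain string comparison would rank 10.3.6.0.12 and 10.3.6.0.171017 by character rather than by the numeric value of the last field.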

  • Original article: https://www.cnblogs.com/hmwh/p/8656259.html