Time to patch, young man
3.3.47.5 Oracle WebLogic Server 10.3.6
All of the patches listed in the table below should be applied to an Oracle WebLogic Server 10.3.6 installation.
Product Home | Patch | Advisory Number | Comments |
---|---|---|---|
Oracle WebLogic Server 10.3.6 | Oracle Java SE Upgrade to JDK 7 Update 261 | Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE. Download locations and installation instructions in above document | See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products |
Oracle WebLogic Server 10.3.6 | WLS PATCH SET UPDATE 10.3.6.0.200714 Patch 31178492 + ADR FOR WEBLOGIC SERVER 10.3.6 JULY CPU 2020 Patch 31241365 | CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14622, CVE-2020-2966, CVE-2017-5645, CVE-2020-14572, CVE-2020-14652, CVE-2018-11058, CVE-2020-14645 | For CVE-2018-11058, apply ADR Patch. See Note 2421487.1, Restricting Incoming Serialized Java Objects to Oracle WebLogic Server - New with WLS PSUs. See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server. See Note 1607170.1, SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher. See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628. See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933. See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852 |
Oracle WebLogic Server 10.3.6 | WLS 10.3.6 JDBC Patch 27541896 | Released January 2018 | Please refer to Note 1970437.1 How To Update the JDBC and UCP Drivers Bundled with WebLogic Server 10.3.6 and 12c |
Oracle WebLogic Server 10.3.6 | WLS 10.3.6 SAMPLES PSU 10.3.6.0.190716 Patch 29659185 | Released July 2019 | This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities |
Oracle WebLogic Server 10.3.6 | Coherence 3.7.1.19 Patch 31447246 | CVE-2020-14642 | |
Oracle WebLogic Server 10.3.6 | See Note 1936300.1 How to Change SSL Protocols (to Disable SSL 2.0/3.0) in Oracle Fusion Middleware Products (Doc ID 1936300.1) | Released October 2014 | SSL V3.0 "Poodle" Advisory |
3.3.47.3 Oracle WebLogic Server 12.2.1.3
All of the patches listed in the table below should be applied to an Oracle WebLogic Server 12.2.1.3 installation.
Product Home | Patch | Advisory Number | Comments |
---|---|---|---|
Oracle WebLogic Server 12.2.1.3 | Oracle Java SE Upgrade to JDK 8 Update 251 | Note 2682801.1, Oracle Critical Patch Update (CPU) July 2020 for Oracle Java SE. Download locations and installation instructions in above document | See Note 1492980.1, How to Install and Maintain the Java SE Installed or Used with FMW 11g/12c Products |
Oracle WebLogic Server 12.2.1.3 | OPatch 13.9.4.2.4 Patch 28186730 | Released July 2020 | Update OPatch 13.9.4.2.4 Patch 28186730 before applying WLS PSU. See Note 1587524.1 Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c |
Oracle WebLogic Server 12.2.1.3 | WLS PATCH SET UPDATE 12.2.1.3.200624 Patch 31535411 + ADR FOR WEBLOGIC SERVER 12.2.1.3.0 JULY CPU 2020 Patch 31544340 | CVE-2020-2967, CVE-2020-14588, CVE-2020-14589, CVE-2020-14687, CVE-2020-14622, CVE-2020-2966, CVE-2020-14625, CVE-2020-14572, CVE-2020-14652, CVE-2017-5645, CVE-2018-11058, CVE-2020-14645, CVE-2020-14557, CVE-2020-9546, CVE-2020-14644 | See Note 2665794.1, How to Restrict T3/T3S Protocol Traffic for WebLogic Server. Refer to Note 2566635.1 for Patch Conflict issue. CVE-2018-3213 is addressed in Docker Images published after September 13, 2018. Latest docker image at https://container-registry.oracle.com. For CVE-2018-11058, apply ADR Patch. See Note 2421487.1, Restricting Incoming Serialized Java Objects to Oracle WebLogic Server - New with WLS PSUs. See Note 2395745.1, April 2018 Critical Patch Update: Additional Information about the Oracle WebLogic Server Vulnerability CVE-2018-2628. See Note 2421480.1, July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2018-2933. See Note 2076338.1 July 2018 Critical Patch Update: Additional information about the Oracle WebLogic Server Vulnerability CVE-2015-4852 |
Oracle WebLogic Server 12.2.1.3 | WEBLOGIC SAMPLES SPU 12.2.1.3.200714 Patch 31384951 | CVE-2020-14636, CVE-2020-14637, CVE-2020-14638, CVE-2020-14639, CVE-2020-14640 | This patch is a cumulative patch for all Struts 2 CVEs to date. For more information, see: Note 2255054.1 Oracle WebLogic Server Requirements for Apache Struts 2 Vulnerabilities. |
Oracle WebLogic Server 12.2.1.3 | Coherence 12.2.1.3.10 Patch 31470751 | CVE-2020-14642 | |