¡¾Îó²îͨ¸æ¡¿Oracle 1Ô¶à¸öÇå¾²Îó²î

Ðû²¼Ê±¼ä 2021-01-20

0x00 Îó²î¸ÅÊö

2021Äê01ÔÂ19ÈÕ£¬£¬£¬OracleÐû²¼ÁË1Ô·ݵÄÇå¾²¸üУ¬£¬£¬±¾´ÎÐû²¼µÄÇå¾²¸üй²¼Æ329¸ö£¬£¬£¬Éæ¼°Oracle E-Business Suite¡¢Fusion Middleware¡¢MySQL¡¢Database¡¢Java SE¡¢Oracle Construction and Engineering SuiteµÈ¶à¸ö²úÆ·ºÍ×é¼þ¡£¡£ ¡£¡£¡£

 

0x01 Îó²îÏêÇé

image.png

²¿·ÖÎó²îÁбíÈçÏ£º

Oracle E-Business Suite

CVE

²úÆ·

×é¼þ

CVSSÆÀ·Ö

ÑÏÖØˮƽ

Ó°Ïì¹æÄ£

CVE-2021-2029

Oracle Scripting

Miscellaneous

9.8

ÑÏÖØ

12.1.1-12.1.3,   12.2.3-12.2.8

CVE-2021-2100

Oracle One-to-One   Fulfillment

Print Server

9.1

ÑÏÖØ

12.1.1-12.1.3,   12.2.3-12.2.10

CVE-2021-2101

Oracle One-to-One   Fulfillment

Print Server

9.1

ÑÏÖØ

12.1.1-12.1.3,   12.2.3-12.2.10

 

Oracle Fusion Middleware

CVE

²úÆ·

×é¼þ

CVSSÆÀ·Ö

ÑÏÖØˮƽ

Ó°Ïì¹æÄ£

CVE-2021-1994

Oracle WebLogic Server

Web Services

9.8

ÑÏÖØ

10.3.6.0.0, 12.1.3.0.0

CVE-2021-2047

Oracle WebLogic Server

Core Components

9.8

ÑÏÖØ

10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0,   14.1.1.0.0

CVE-2021-2064

Oracle WebLogic Server

Core Components

9.8

ÑÏÖØ

12.1.3.0.0

CVE-2021-2108

Oracle WebLogic Server

Core Components

9.8

ÑÏÖØ

12.1.3.0.0

CVE-2021-2075

Oracle WebLogic Server

Samples

9.8

ÑÏÖØ

10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0,   14.1.1.0.0

CVE-2021-2109

Oracle WebLogic Server

Console

7.2

¸ßΣ

10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0,   14.1.1.0.0

CVE-2019-17195

Oracle WebLogic Server

Core Components (Connect2id   Nimbus JOSE+JWT)

9.8

ÑÏÖØ

12.2.1.3.0, 12.2.1.4.0

CVE-2019-10086

Oracle WebLogic Server

Console (Apache Commons   Beanutils)

7.3

¸ßΣ

10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0

 

Oracle MySQL

CVE

²úÆ·

×é¼þ

CVSSÆÀ·Ö

ÑÏÖØˮƽ

Ó°Ïì¹æÄ£

CVE-2021-2046

MySQL Server

Server: Stored Procedure

6.8

ÖÐΣ

8.0.22   and prior

CVE-2021-2020

MySQL Server

Server: Optimizer

6.5

ÖÐΣ

8.0.20   and prior

CVE-2021-2024

MySQL Server

Server: Optimizer

6.5

ÖÐΣ

8.0.22   and prior

 

WebLogic Server·´ÐòÁл¯Îó²î£¨CVE-2021-1994¡¢CVE-2021-2047¡¢CVE-2021-2064¡¢CVE-2021-2108¡¢CVE-2021-2075¡¢CVE-2019-17195ºÍCVE-2019-10086£©

ÕâЩÎó²îÊÇWeblogicÖеĶà¸ö·´ÐòÁл¯Â©¡£¡£ ¡£¡£¡£¹¥»÷Õß¿ÉÒÔͨ¹ýHTTP¡¢IIOP¡¢T3ЭÒé·¢ËͶñÒâÇëÇóÀ´Ê¹ÓôËÎó²î£¬£¬£¬ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õß×îÖÕ¿ÉÒÔ¿ØÖÆWebLogic Server»òÔ¶³ÌÖ´ÐдúÂë¡£¡£ ¡£¡£¡£

 

WebLogic ServerÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2021-2109£©

¸ÃÎó²î±£´æÓÚWebLogic ServerµÄconsoleÖУ¬£¬£¬ÆäCVSSÆÀ·Ö7.2¡£¡£ ¡£¡£¡£¹¥»÷Õß¿ÉÒÔͨ¹ýJNDI×¢Èë¹¥»÷À´Ô¶³ÌÖ´ÐÐÏÂÁî»ò´úÂë¡£¡£ ¡£¡£¡£

Ó°Ïì¹æÄ£

10.3.6.0.0

12.1.3.0.0

12.2.1.3.0

12.2.1.4.0

14.1.1.0.0

 

0x02 ´¦Öóͷ£½¨Òé

½¨Òé²Î¿¼Oracle¹Ù·½Ðû²¼µÄÇ徲ͨ¸æÉý¼¶ÖÁ×îа汾¡£¡£ ¡£¡£¡£

ÔÝʱ²½·¥

½ûÓÃT3ЭÒé

Ïêϸ²Ù×÷£º

1£©½øÈëWebLogic¿ØÖÆ̨£¬£¬£¬ÔÚbase_domainµÄÉèÖÃÒ³ÃæÖУ¬£¬£¬½øÈë¡°Çå¾²¡±Ñ¡ÏҳÃ棬£¬£¬µã»÷¡°É¸Ñ¡Æ÷¡±£¬£¬£¬½øÈëÅþÁ¬É¸Ñ¡Æ÷ÉèÖᣡ£ ¡£¡£¡£

2)ÔÚÅþÁ¬É¸Ñ¡Æ÷ÖÐÊäÈ룺weblogic.security.net.ConnectionFilterImpl£¬£¬£¬ÔÚÅþÁ¬É¸Ñ¡Æ÷¹æÔòÖÐÊäÈ룺127.0.0.1 * * allow t3t3s£¬£¬£¬0.0.0.0/0 * *deny t3 t3s(t3ºÍt3sЭÒéµÄËùÓж˿ÚÖ»ÔÊÐíÍâµØ»á¼û)¡£¡£ ¡£¡£¡£

3£©ÉúÑĺóÐèÖØÐÂÆô¶¯£¬£¬£¬¹æÔò·½¿ÉÉúЧ¡£¡£ ¡£¡£¡£

image.png

 

 

½ûÓÃIIOPЭÒé

ÉÏ°¶WebLogic¿ØÖÆ̨£¬£¬£¬base_domain >ЧÀÍÆ÷ÌáÒª >AdminServer

image.png

 

 

 

0x03 ²Î¿¼Á´½Ó

https://www.oracle.com/security-alerts/cpujan2021.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1994

 

0x04 ʱ¼äÏß

2021-01-19  OracleÐû²¼Çå¾²¸üÐÂ

2021-01-20  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png