Weblogic Security Issue (Published 1/2018)


Over the last week or so, many clients running Oracle Weblogic server have been reporting cases of SEVERE server slowdowns. These performance issues may be the result of Security Issue CVE-2017-10271.

This defect allows the remote execution of code on servers running Weblogic 10.3.6.

It has been reported that this defect allows hackers to hijack a weblogic server to run external apps, such as Bitcoin Miners.

Oracle Weblogic is required on Banner 8 (INB), and Banner SSB, and Banner 9 (XE) if you are not running it on Apache Tomcat.

If your system is running Weblogic, please install the October Oracle Critical Patch Update IMMEDIATELY.

To install this patch for Weblogic 10.3.6:

  1. Login to Oracle Support (https://metalink.oracle.com) and download patch ID: 26519424 (filename: p26519424_1036_Generic.zip)
  2. Drop this file onto the Weblogic server and unzip into the directory: $MW_HOME/utils/bsu/cache_dir (create this directory if it does not exist)
  3. Login to Weblogic and shutdown all processes.
  4. cd $MW_HOME/utils/bsu
  5. install the patch with the following command: ./bsu.sh -install -patch_download_dir=$MW_HOME/utils/bsu/cache_dir/ -patchlist=FMJJ -prod_dir=$MW_HOME/wlserver_10.3
  6. Restart all Weblogic Processes.