0 Replies Latest reply on Jun 20, 2019 1:43 PM by 915737

    CVE-2019-2729 - mitigation approach


      Hi Experts,


      As per the recent vulnerability CVE-2019-2729, if we look into the mitigation approach, the below WAR files need to be deleted as per "KnownSec 404" (https://www.helpnetsecurity.com/2019/06/19/cve-2019-2729/).


      ========Below lines copied from above link===============

      Before Oracle released the patch, KnownSec 404 advised users to mitigate the risk by:

      • Finding and deleting wls9_async_response.war, wls-wsat.war and restarting the Weblogic service, or by
      • Preventing access to the /_async/* and /wls-wsat/* URL paths via access policy control.


      ========Below lines copied from above link===============


      But when we search for wls9_async_response.war, we are getting "bea_wls9_async_response.war".

      So are wls9_async_response.war and bea_wls9_async_response.war the same, or do we only need to delete "wls9_async_response.war" if it exists?


      Please advise.


      Env details:

      EBS- 12.2.4 With WLS (JAN-2019 PSU) applied.
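
An added example, not part of the original post or the quoted article: a Python check that scans access-log lines for requests to the two URL paths named in the second mitigation option and reports whether each was refused. The Common Log Format layout, the rule that 403/404 means "denied", and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# URL path prefixes named in the mitigation advice quoted in the post.
BLOCKED = ("/_async", "/wls-wsat")
# Assumption: these statuses mean the request was refused or nothing is deployed.
DENIED = {"403", "404"}
# Assumption: Common Log Format request and status fields.
CLF = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize(target):
    """Reduce a request target to a canonical lower-case path."""
    path, prev = target.split("?", 1)[0], None
    while prev != path:                      # undo repeated percent-encoding
        prev, path = path, unquote(path)
    path = re.sub(r"/+", "/", path)          # collapse duplicate slashes
    return posixpath.normpath(path).lower()  # resolve dot segments, fold case

def is_blocked_path(path):
    """True when the path is one of the prefixes or lies beneath it."""
    return any(path == p or path.startswith(p + "/") for p in BLOCKED)

def audit(lines):
    """Return (path, status, verdict) for each request to a blocked prefix."""
    findings = []
    for line in lines:
        m = CLF.search(line)
        if not m:
            continue  # not a request line in the assumed format
        path = normalize(m["target"])
        if is_blocked_path(path):
            verdict = "denied" if m["status"] in DENIED else "review"
            findings.append((path, m["status"], verdict))
    return findings

# Constructed sample lines (documentation IP range, placeholder resource names).
SAMPLE_LOG = [
    '192.0.2.5 - - [20/Jun/2019:13:40:01 +0000] "POST /_async/sample HTTP/1.1" 403 210',
    '192.0.2.5 - - [20/Jun/2019:13:40:02 +0000] "GET /wls-wsat/sample HTTP/1.1" 200 512',
    '192.0.2.7 - - [20/Jun/2019:13:40:03 +0000] "GET /%5Fasync/sample HTTP/1.1" 202 0',
    '192.0.2.7 - - [20/Jun/2019:13:40:04 +0000] "GET //WLS-WSAT/sample HTTP/1.1" 404 0',
    '192.0.2.9 - - [20/Jun/2019:13:40:05 +0000] "GET /app/index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Any line reported as "review" is a request to one of the two paths that was not refused, which means the access policy is not being applied to that request.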