Oracle Weblogic Server (MOSC)

Seeking confirmation on necessity of applying patch though deployed application is not using Struts 2/1

edited Oct 16, 2017 5:03AM in Oracle Weblogic Server (MOSC) | 1 comment | Answered

Hi,

We have been informed that there is an "Oracle Security Alert - CVE-2017-9805 Risk" which says "Vulnerability in the WebLogic Server component of Oracle Fusion Middleware (subcomponent: Samples (Struts 2)). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server." It seems to suggest that the CVE-2017-9805 risk will have an impact only if the application uses Struts 2 and has open HTTP ports!!

We are using WebLogic Server version 10.3.6.0 in a Linux environment to run/use our Java web application. In our Java application we have not used Struts 2.x or 1.x, and we have also disabled HTTP ports.
