Patch Reviews - Middleware (MOSC)

MOSC Banner

WebLogic Server Encoded Request Directory Listing vulnerability remediation

in Patch Reviews - Middleware (MOSC) 2 commentsAnswered ✓

Hi Team,

We have identified below Vulnerability in 10.3.6 WebLogic version. So to remediate this, we have applied 21Y4 33172858 latest patch which was released in Oct-2021 for 10.3.6. but we are still seeing same vulnerability. as i know 11g is support is over at December-2021.

Could please check and confirm how do we can fi this remidation in the server or do we need to upgrade WebLogic to higher versions which is current support?


"The version of WebLogic Server running on the remote host is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a crafted request, to display a listing of an arbitrary directory, which may contain sensitive files.

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center