Oracle Weblogic Server (MOSC)

MOSC Banner

Any new solutions in place to conceal the WebLogic version information from being displayed?

in Oracle Weblogic Server (MOSC) 3 commentsAnswered ✓

Understood that Oracle had released patch 36485713 which included patch 36440005 to fix the WebLogic T3/IIOP Information Disclosure Vulnerability (CVE-2024-21006/CVE-2024-21007) in CPU Apr 2024 for WebLogic Server 12.2.1.4.0 & 14.1.1.0.0.

Our client has applied this patch in April for WebLogic Server 12.2.1.4.0, however when do vms scan by run nmap, it still can see the Weblogic version information.

Our client is concerned that if an attacker can discern the WebLogic version, they might be able to exploit known vulnerabilities before we have the opportunity to apply patches. Therefore we have some question as below,

  1. Do we have any new solutions in place to conceal the WebLogic version information from being displayed?

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center