I guess everyone already knows that OVM uses WebLogic in the backend. Actually, this post is for everyone who uses certain versions of WebLogic: WebLogic 10.3.6 and 12.1.3.
The solution is simple for those who have an extended support contract, because these WebLogic releases are currently in extended support. This is the reality for both OVM Manager and WebLogic customers.
So, you just apply the latest PSU, or a PSU which fixes the issue, plus the overlay patch if there is one, and that's it. You are done (for instance: Apr 2019 PSU 12.1.3.0.190416 Patch 29204657 + Overlay Patch 29694149 on 12.1.3.0.190416 for CVE-2019-2725).
The question arises for those who don't have extended support for WebLogic. If they don't have an extended support contract, they won't be able to download any WLS patches for those specific releases.
This means no PSU, no CPU, no overlay...
In this case, they have 2 options:
1) They may upgrade their OVM Manager to version 3.4.7, which is bundled with WebLogic 12.1.3.0.210119 -- January 2021 Patch Set Update (PSU) for WebLogic Server 12.1.3.0.
2) Disable access to the “/_async/*” and “/wls-wsat/” URLs on WebLogic.
Test well..
-- you may even implement this access restriction on the firewall level.
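One way to do the "test well" step for the URL restriction, as an added example that is not from the original post: a Python script that audits access-log lines for requests to the two paths and separates those answered with 403/404 from those that received any other status. The Common Log Format, the constructed sample lines, and treating 403/404 as "blocked" are assumptions.

```python
import re
from urllib.parse import unquote

# Paths the post says to block on WebLogic (or at the firewall).
RESTRICTED_PREFIXES = ("/_async/", "/wls-wsat/")

# Request and status fields of a Common Log Format line (assumed log format).
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')

def normalize(uri):
    """Drop the query string, percent-decode, collapse repeated slashes, lowercase."""
    path = unquote(uri.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def is_restricted(path):
    """True for the prefix itself (with or without trailing slash) and anything below it."""
    return any(path == p.rstrip("/") or path.startswith(p) for p in RESTRICTED_PREFIXES)

def audit(lines):
    """Return (blocked, reachable): lists of (line_no, path, status) for restricted paths."""
    blocked, reachable = [], []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue  # not a request line in the assumed format
        path = normalize(m["uri"])
        if not is_restricted(path):
            continue
        status = int(m["status"])
        # Assumption: the restriction answers 403 or 404; any other status is flagged.
        (blocked if status in (403, 404) else reachable).append((no, path, status))
    return blocked, reachable

# Constructed sample log lines (documentation IP ranges, made-up request paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2021:10:00:01 +0000] "GET /ovm/console/ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Feb/2021:10:00:05 +0000] "POST /_async/test HTTP/1.1" 403 199',
    '198.51.100.7 - - [01/Feb/2021:10:00:09 +0000] "GET /wls-wsat HTTP/1.1" 404 1164',
    '198.51.100.7 - - [01/Feb/2021:10:00:12 +0000] "POST //WLS-WSAT/%74est HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    blocked, reachable = audit(SAMPLE_LOG)
    print(f"blocked: {len(blocked)}, not blocked: {len(reachable)}")
    for no, path, status in reachable:
        print(f"  line {no}: {path} answered {status}; restriction did not apply")
```

Any entry in the second list means a request to a restricted path was not denied at the layer whose log you are reading, so the rule on WebLogic or the firewall needs another look.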
MOS References:
Upgrading products bundled with Oracle VM Manager (Doc ID 2195205.1)
Security Alert CVE-2019-2725 Patch Availability Document for Oracle WebLogic Server (Doc ID 2535708.1)