Oracle Tuxedo "JOLTandBLEED" vulnerability (CVE-2017-10269)

In November 2017 Oracle published a vulnerability in the Jolt Server which is a component of Oracle Tuxedo. Just recently, a PoC exploit for this vulnerability has been published.

Using the JOLT protocol, attackers could send specially crafted packets to obtain chunks of the server’s memory. The dumped memory chunks may contain sensitive information such as clear text credentials for the PeopleSoft web interface. This is also how the vulnerability got its name - because of the similarity to the Heartbleed vulnerability.

Following is an iRule which detects and blocks “JOLTandBLEED”. Note, the JOLT protocol is not based on HTTP.

  TCP::collect 24
  if { [TCP::payload] starts_with "JOLT\x00\x00\x00\x0f\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x002\x00\x00\x00\x00" } {
    log local0. "Detected JoltandBleed vulnerability exploitation attempt, rejecting."
Published Feb 19, 2018
Version 1.0

Was this article helpful?

No CommentsBe the first to comment