Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271)
In October 2017 Oracle published a vulnerability concerning Oracle WebLogic and assigned CVE-2017-10271 to it. Since then no public information regarding this vulnerability was available until a...
Published Dec 25, 2017
Version 1.0
Gal_Goldshtein
Employee
Joined June 20, 2019
urocyongroup_30
Jan 08, 2018
Nimbostratus
We downloaded the last signature list and added this signature, but the signature that blocks our test request is 200004336 "Oracle WebLogic WLS Security component Remote Code Execution" with Last Updated date 12/26/2017. I assume this is the adopted signature to mitigate this attack.
It seems it only works for the default context root /wls-wsat/CoordinatorPortType; if we use any other context root with the same payload, the signature is not triggered.
Can we have the rule body of this signature so we can make a custom one that is more generic?