2018年1月18日

「Oracle WebLogic Server」の脆弱性狙う攻撃が発生


Oracle Fusion Middleware の Oracle WebLogic Server コンポーネントは、多くの商用ウェブサイトや企業アプリケーションの構築等に利用されているソフトウェア製品です。

Oracle WebLogic Serverにおける既知の脆弱性を悪用する攻撃が、2017年12月下旬より報告されているとしてセキュリティ関係機関が注意を呼びかけています。
悪用が確認されているのは、ウェブサイトや企業アプリケーションで利用されている「Oracle WebLogic Server」の「WLS Security」に起因する脆弱性「CVE-2017-10271」です。

今回の問題は、昨年10月に修正プログラムがリリースされていますが、2017年12月下旬に公開された攻撃コードが悪用され修正パッチが適用されていないシステムに対して悪意のあるコインマイナー(仮想通貨をマイニングするプログラム)を仕込まれる攻撃事例が報告されています。
使用されている脆弱性は他の目的にも悪用できます。
本脆弱性が悪用された場合、遠隔の攻撃者により、情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 攻撃が行われる可能性があります。

本脆弱性についてはシステムを確認し、できるだけ早くアップデートを実施し、脆弱性を修正するよう注意してください。
また、管理者の方はすでに攻撃を受けて、システムを侵害されていないか、確認しましょう。

参考元
12月下旬より「Oracle WebLogic Server」狙う攻撃が発生 - 仮想通貨採掘に悪用されたケースも

株式会社サンロフトでは、最新のセキュリティ情報をお届けします。是非お気軽に、ご相談ください。

13 件のコメント:

  1. KADG Pune 2021 - Online Casino - Kadang Pintar
    Online Casino · 제왕카지노 24 Pokies · Best Online Slots in 온카지노 2021 · 1 Casino Online · Live Casino · Casino Jackpots · Mobile · Mobile Casino · 카지노 Welcome Bonus · Mobile

    返信削除
  2. I have a hard time describing my thoughts on content, but I really felt I should here. Your article is really great. I like the way you wrote this information Landlord
    u384_majortotositepro
    u385_racesitepro
    u386_oncasinositenet
    u387_totopickpro

    返信削除
  3. Great content to read. The picture looks so cool. Thanks for sharing this beautiful post. Keep sharing more interesting blogs like this. Viginia Reckless Driving

    返信削除
  4. Oracle WebLogic Server is a Java Enterprise Edition (Java EE) application server that is part of Oracle's Fusion Middleware portfolio. It is designed for high performance and scalability, making it suitable for building a wide range of enterprise applications. WebLogic Server offers a robust security framework, including user authentication, authorization, and data encryption, and supports integration with various identity management solutions. It supports clustering, load balancing, and failover capabilities, ensuring high availability and scalability of applications. Oracle provides tools for managing and monitoring WebLogic Server instances, domains, and applications, allowing administrators to configure, monitor, and manage server resources. It also offers integration capabilities with other Oracle products and services, making it an integral part of Oracle's cloud and enterprise ecosystem. WebLogic Server is cross-platform, supporting a variety of operating systems, including Windows, Linux, and UNIX flavors. It is developer-friendly, offering tools and features for building and testing Java EE applications, including support for IDEs like Oracle Developer, Eclipse, and NetBeans. WebLogic Server supports the development and deployment of web services based on Java EE standards, crucial for creating service-oriented architectures (SOA). Oracle's Java Mission Control allows monitoring, managing, and profiling applications running on WebLogic Server, helping identify and resolve performance and stability issues.
    fedex truck accident

    返信削除
  5. Oracle WebLogic Server is a robust and efficient enterprise application management system that offers reliability, stability, scalability, robust security features, and comprehensive management and monitoring tools. However, it is complex and may require expertise for beginners. The server may consume significant system resources, which may be a concern for organizations with resource constraints or cost-conscious environments. Additionally, licensing costs can be high, especially for small to mid-sized businesses with budget constraints. Despite Oracle's comprehensive documentation, some users find it dense and challenging to navigate. Despite this, Oracle has a well-established user community and support services. It is important to note that the software landscape may change, and it is recommended to check more recent sources for the latest reviews and feedback on Oracle WebLogic Server. Ley de Accidentes de Motocicleta

    返信削除
  6. Buen Abogado para Automovilístico de AccidenteThe article introduces Oracle WebLogic Server, a crucial component of Oracle Fusion Middleware for building commercial websites and enterprise applications. It highlights a potential issue with CVE-2017-10271, a vulnerability that has been exploited since late December 2017. The article effectively communicates the connection between the vulnerability and WLS Security in Oracle WebLogic Server, providing valuable information for IT professionals and individuals responsible for system security. While the warning is clear, additional details on recommended security measures or updates could enhance its practicality. Overall, the article serves as a timely alert, combining technical details with a call for caution in the face of known vulnerabilities in Oracle WebLogic Server.

    返信削除
  7. Oracle WebLogic Server is a popular application server used for building and deploying enterprise Java EE (Java Platform, Enterprise Edition) applications. It is part of the Oracle Fusion Middleware family and provides a platform for developing, deploying, and managing distributed Java applications. Key features of Oracle WebLogic Server include Java EE support, clustering and high availability, robust security features, management and monitoring tools, integration with Oracle products, development tools, compatibility with industry standards, support for Java Flight Recorder (JFR), and middleware capabilities.

    Java EE specifications include technologies like Servlets, JSP, EJB, and JMS. Clustering allows multiple server instances to work together, providing scalability and high availability. WebLogic Server also includes robust security features like authentication, authorization, and secure communication using SSL.

    The WebLogic Server Administration Console allows administrators to configure server settings, deploy applications, and monitor performance. It is often used in conjunction with other Oracle products like Oracle Database, Oracle Coherence, and Oracle SOA Suite. Developer tools like Oracle JDeveloper and Oracle Enterprise Pack for Eclipse are available to help developers build and deploy applications on WebLogic Server.

    In addition to its application server capabilities, WebLogic Server also provides middleware capabilities for messaging, data connectivity, and business process management. It is important to note that features and capabilities may evolve with new releases, so it is recommended to refer to the official Oracle documentation for the most up-to-date information.abogado testamentario

    返信削除
  8. bankruptcy lawyer near me
    The review of Oracle WebLogic Server provides a comprehensive overview of its architecture and performance capabilities. It highlights the importance of real-world use cases and user testimonials to provide a balanced perspective. The review balances technical details with user-friendly language, making it accessible to readers of varying expertise levels. It suggests adding links to additional resources and mentioning recent updates to ensure the review remains current. Overall, the review is informative and could become a valuable resource for those considering or using WebLogic Server.

    返信削除
  9. "abogado de lesiones por accidentes de motocicleta"
    The text "Se producen ataques dirigidos a vulnerabilidades en Oracle WebLogic Server" discusses targeted attacks on vulnerabilities in Oracle WebLogic Server. It suggests a concise summary of these attacks and their potential impact on users or organizations. The text also offers practical advice on securing Oracle WebLogic Server and includes relevant statistics, trends, and incidents related to these attacks. It encourages readers to share their insights and experiences for engagement and community interaction.

    返信削除
  10. Oracle WebLogic Server is a popular Java EE application server developed by Oracle Corporation, offering a platform for developing, deploying, and running enterprise Java applications, web services, and other distributed applications. It offers a wide range of features and capabilities, including support for Java EE standards, clustering, high availability, security, and scalability. WebLogic Server can be deployed on-premises, in the cloud, or in hybrid environments, supporting various operating systems.

    The Administration Console is a web-based tool that allows administrators to configure, monitor, and manage server instances, applications, and resources. It supports clustering and high availability features to ensure reliability and scalability of applications. WebLogic Server also offers robust security features to protect applications and data from unauthorized access and attacks.

    Performance monitoring and tuning tools are available for monitoring and tuning the performance of applications and server instances. Built-in tools like the WebLogic Diagnostic Framework (WLDF) and Java Mission Control allow administrators to analyze performance metrics, diagnose issues, and optimize resource utilization.

    WebLogic Server integrates with other Oracle products and technologies, such as Oracle Database, Oracle Fusion Middleware, and Oracle Cloud Infrastructure, and supports interoperability with third-party software and standards-compliant Java EE applications. Overall, Oracle WebLogic Server is a powerful and feature-rich application server that is widely used in various industries, including finance, telecommunications, healthcare, and e-commerce, to deliver mission-critical applications and services Abogado DUI Fairfax.

    返信削除
  11. Oracle WebLogic Server is a popular Java Enterprise Edition (Java EE) application server that offers a robust platform for deploying, managing, and running enterprise Java applications. It is designed to meet the demands of enterprise-level applications, offering high performance, scalability, and reliability. WebLogic Server supports a wide range of Java EE specifications and APIs, allowing developers to build and deploy applications with ease. It supports clustering and high availability configurations, allowing multiple server instances to work together as a single, unified system. It offers robust security features, including SSL encryption, authentication, authorization, and auditing, and integrates with enterprise identity and access management systems like Oracle Identity Manager. It also includes a comprehensive management console and command-line tools for administering server instances, configuring resources, and monitoring performance. It integrates seamlessly with other Oracle products and technologies, as well as third-party systems and applications through standard protocols and APIs. Development tools, such as Oracle JDeveloper, Eclipse, and NetBeans, provide productivity features for developers. WebLogic Server is highly extensible, allowing developers to customize its functionality through custom Java components, libraries, and plugins.
    contract dispute lawyer

    返信削除
  12. Oracle WebLogic Server is a Java-based application server used for developing, deploying, and running enterprise Java EE applications. It supports the Java Platform, Enterprise Edition (Java EE), and serves as a middleware between the operating system and applications, providing services like security, scalability, and reliability. Key features of WebLogic Server include scalability, security, high availability, a web-based administration console, integration with other Oracle products, and development tools like Enterprise JavaBeans, Java Servlets, JSP, and JMS Fairfax Criminal Lawyer.

    返信削除
  13. The review comments for a grant seminar on research findings are based on the seminar's clarity, relevance to grant objectives, depth of analysis, methodology rigor, stakeholder engagement, innovation, recommendations for future work, presentation style and delivery, accessibility and inclusivity, and overall impact. The seminar effectively demonstrated the alignment of research outcomes with grant objectives, but more in-depth analysis and discussion could have improved understanding and engagement. The presenter effectively highlighted avenues for future research and potential applications of the findings, and consideration should be given to ensuring accessibility and inclusivity in future seminars.
    big truck accident attorney

    返信削除