A previous article recorded fixing the Java deserialization vulnerability by deploying a web proxy; this one fixes the same vulnerability by applying a patch. See Doc ID 2075927.1 for details.
The system environment is as follows:
OS: Oracle Linux Server release 6.1 64-bit
WebLogic: 10.3.6
The steps are as follows:
1. Back up, back up, back up
2. Perform every operation according to the patch README
2.1 Update the PSU
2.2 Apply the patch
1. Backup
Make a proper backup. Whether or not a rollback is possible, make sure a backup exists.
2. Upload the PSU
Upload the WebLogic patch; it is recommended to place it under the {MW_HOME}/utils/bsu/cache_dir directory, and make sure that directory has write and execute permissions.
In this case the location is /data/oracle/middleware/utils/bsu/cache_dir
[root@localhost cache_dir]# unzip p20780171_1036_Generic.zip
[root@localhost cache_dir]# pwd
/data/oracle/middleware/utils/bsu/cache_dir
[root@localhost cache_dir]# ls
EJUW.jar  p20780171_1036_Generic.zip  patch-catalog_22958.xml  README.txt
2.1 Follow the README
The README contents are as follows:
Oracle WebLogic Server Patch Set Update 10.3.6.0.12 README
=========================================================

This README provides information about how to apply Oracle WebLogic Server Patch Set Update 10.3.6.0.12. It also provides information about reverting to the original version.

Released: July, 2015

Smart Update Details of Oracle WebLogic Server Patch Set Update 10.3.6.0.12
--------------------------------------------------------------------------
PATCH_ID     - EJUW
Patch number - 20780171

Preparing to Install Oracle WebLogic Server Patch Set Update 10.3.6.0.12
-----------------------------------------------------------------------
- WebLogic Server Patch Set Update (PSU) can be applied on a per-domain basis (or on a more fine-grained basis), Oracle recommends that PSU be applied on an installation-wide basis. PSU applied to a WebLogic Server installation using this recommended practice affect all domains and servers sharing that installation.
- Login as same "user" with which the component being patched is installed.
- Stop all WebLogic servers.
- Remove any previously applied WebLogic Server Patch Set Update and associated overlay patches

Installing Oracle WebLogic Server Patch Set Update 10.3.6.0.12
-------------------------------------------------------------
- unzip p20780171_1036_Generic.zip to {MW_HOME}/utils/bsu/cache_dir or any local directory
  Note: You must make sure that the target directory for unzip has required write and executable permissions for "user" with which the component being patched is installed.
- Navigate to the {MW_HOME}/utils/bsu directory.
- Execute
  bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}
  Where, WL_HOME is the path of the WebLogic home
  Reference: BSU Command line interface
  http://docs.oracle.com/cd/E14759_01/doc.32/e14143/commands.htm

Post-Installation Instructions
------------------------------
a) Restart all WebLogic servers.
b) The following command is a simple way to determine the application of WebLogic Server PSU.
   $ . $WL_HOME/server/bin/setWLSEnv.sh
   $ java weblogic.version
   In the following example output, 10.3.6.0.12 is the installed WebLogic Server PSU.
   WebLogic Server 10.3.6.0.12 PSU Patch for BUG20780171

Uninstalling Oracle WebLogic Server Patch Set Update 10.3.6.0.12
---------------------------------------------------------------
- Stop all WebLogic Servers
- Navigate to the {MW_HOME}/utils/bsu directory.
- Execute
  bsu.sh -remove -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}

Post-Uninstallation Instructions
--------------------------------
a) Restart all WebLogic Servers.

Oracle recommends that you see following key notes
--------------------------------------------------
- My Oracle Support NOTE: 1306505.1 Announcing Oracle WebLogic Server PSUs (Patch Set Updates)
  https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1306505.1
- My Oracle Support NOTE: 1470197.1 Master Note on WebLogic Server Patch Set Updates (PSUs)
  https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1470197.1
- My Oracle Support NOTE: 1471192.1 - Replacement Patches for WebLogic Server PSU Conflict Resolution
  https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1471192.1
- SSL Authentication Problem Using WebLogic 10.3.6 and 12.1.1 With JDK1.7.0_40 or Higher
  https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1607170.1
- Smart Update Applying Patches to Oracle WebLogic Server
  http://docs.oracle.com/cd/E14759_01/doc.32/e14143/intro.htm

==========================================================================
Copyright 2010, 2011, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
==========================================================================
2.2 Stop WebLogic
[root@localhost ~]# cd /data/oracle/middleware/user_projects/domains/base_domain/bin
[root@localhost bin]# ./stopWebLogic.sh
Stopping Weblogic Server...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Connecting to t3://localhost.localdomain:80 with userid weblogic ...
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'base_domain'.

Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.

Shutting down the server AdminServer with force=false while connected to AdminServer ...
WLST lost connection to the WebLogic Server that you were connected to, this may happen if the server was shutdown or partitioned.
You will have to re-connect to the server once the server is available.
Disconnected from weblogic server: AdminServer
Disconnected from weblogic server:

Exiting WebLogic Scripting Tool.

Done
Stopping Derby Server...
[1]+  Done                    nohup ./startWebLogic.sh  (wd: /data/oracle/middleware/user_projects/domains/base_domain)
(wd now: /data/oracle/middleware/user_projects/domains/base_domain/bin)
2.3 Update the PSU
[root@localhost ~]# cd /data/oracle/middleware/utils/bsu
[root@localhost bsu]# sh bsu.sh -install -patch_download_dir=/data/oracle/middleware/utils/bsu/cache_dir -patchlist=EJUW -prod_dir=/data/oracle/middleware/wlserver_10.3
Checking for conflicts...
No conflict(s) detected

Installing Patch ID: EJUW..
Result: Success
[root@localhost bsu]#
2.4 Start WebLogic
[root@localhost ~]# cd /data/oracle/middleware/user_projects/domains/base_domain
[root@localhost base_domain]# nohup ./startWebLogic.sh &
[1] 2194
[root@localhost base_domain]# nohup: ignoring input and appending output to `nohup.out'

[root@localhost base_domain]# lsof -i:80
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    2240 root  309u  IPv6  13448      0t0  TCP localhost:http (LISTEN)
java    2240 root  310u  IPv6  13449      0t0  TCP [fe80::20c:29ff:fecd:56eb]:http (LISTEN)
java    2240 root  311u  IPv6  13450      0t0  TCP localhost:http (LISTEN)
java    2240 root  312u  IPv6  13451      0t0  TCP 10.0.41.190:http (LISTEN
2.5 Verify the patch information
[root@localhost bsu]# . /data/oracle/middleware/wlserver_10.3/server/bin/setWLSEnv.sh
[root@localhost bsu]# java weblogic.version
WebLogic Server 10.3.6.0.12 PSU Patch for BUG20780171 THU JUN 18 15:54:42 IST 2015
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050

Use 'weblogic.version -verbose' to get subsystem information
Use 'weblogic.utils.Versions' to get version information for all modules
Alternatively, you can verify it by logging in to the administration console.
Navigate to Home > Summary of Servers > AdminServer > Roles > AdminServer
Details are shown in the figure below.
3. Apply patch p22248372_1036012_Generic.zip
[root@localhost ~]# cd /data/oracle/middleware/utils/bsu/cache_dir1
[root@localhost cache_dir1]# ls
p22248372_1036012_Generic.zip
[root@localhost cache_dir1]# unzip p22248372_1036012_Generic.zip
Archive:  p22248372_1036012_Generic.zip
  inflating: patch-catalog_23501.xml
  inflating: README.txt
  inflating: ZLNA.jar
[root@localhost cache_dir1]#
The README contents are as follows:
Content:
========
This patch contains Smart Update patch ZLNA for WebLogic Server 10.3.6.0.12

Description:
============
Oracle WebLogic Server overlay patch for 10.3.6.0.12 which requires WLS10.3.6.0.12 PSU (Patch Number: 20780171 , Patch ID :EJUW) in the environment

Patch Installation Instructions:
================================
- copy content of this zip file with the exception of README file to your SmartUpdate cache directory (MW_HOME/utils/bsu/cache_dir by default)
- apply patch using Smart Update utility
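As an added example (not part of the original post), a small POSIX sh check that covers two requirements stated above: the PSU README's rule that the cache directory be writable and executable by the patching user, and the overlay patch's rule that PSU 10.3.6.0.12 (patch 20780171, ID EJUW) already be present, read from the `java weblogic.version` banner shown in step 2.5. The function names and the unpatched sample banner are constructed for this example.

```shell
#!/bin/sh
# Pre-flight checks for the PSU / overlay procedure (added example).

# README requirement: the unzip target must exist and be writable and
# executable by the user applying the patch. Returns 0 if so, 1 otherwise.
check_cache_dir() {
    dir="$1"
    [ -d "$dir" ] && [ -w "$dir" ] && [ -x "$dir" ]
}

# Extract the PSU version from the `java weblogic.version` banner, e.g.
#   WebLogic Server 10.3.6.0.12 PSU Patch for BUG20780171 THU JUN 18 ...
# Prints "none" when no PSU line is present (unpatched 10.3.6.0).
installed_psu_version() {
    v=$(printf '%s\n' "$1" | sed -n 's/^WebLogic Server \([0-9.]*\) PSU Patch for BUG[0-9]*.*/\1/p' | head -n 1)
    printf '%s\n' "${v:-none}"
}

# Extract the bug number the PSU line refers to, or "none".
installed_psu_bug() {
    b=$(printf '%s\n' "$1" | sed -n 's/^WebLogic Server [0-9.]* PSU Patch for BUG\([0-9]*\).*/\1/p' | head -n 1)
    printf '%s\n' "${b:-none}"
}

# The overlay patch ZLNA requires PSU 10.3.6.0.12 (patch 20780171, ID EJUW).
# Returns 0 when the banner shows exactly that PSU, 1 otherwise.
psu_prerequisite_met() {
    [ "$(installed_psu_version "$1")" = "10.3.6.0.12" ] &&
    [ "$(installed_psu_bug "$1")" = "20780171" ]
}

# Sample banners: the first is copied from step 2.5 of the post (patched),
# the second is a constructed banner for an unpatched 10.3.6.0 install.
PATCHED_BANNER='WebLogic Server 10.3.6.0.12 PSU Patch for BUG20780171 THU JUN 18 15:54:42 IST 2015
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050'
UNPATCHED_BANNER='WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050'

# On a real host, source setWLSEnv.sh first and feed the live output:
#   psu_prerequisite_met "$(java weblogic.version 2>/dev/null)"
if psu_prerequisite_met "$PATCHED_BANNER"; then
    echo "PSU prerequisite met: $(installed_psu_version "$PATCHED_BANNER")"
fi
if ! psu_prerequisite_met "$UNPATCHED_BANNER"; then
    echo "PSU missing, do not apply overlay ZLNA yet"
fi
```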
3.1 Apply the patch using the Smart Update utility
[root@localhost bsu]# pwd
/data/oracle/middleware/utils/bsu
[root@localhost bsu]# ls
bsu.jar  bsu.sh  cache_dir  cache_dir1  patch-client.jar  smartupdate.ico
[root@localhost bsu]# ./bsu.sh
The interface is shown in the figure.
If Exception in thread "main" java.lang.OutOfMemoryError appears while it is running, you can change the parameters in bsu.sh: adjust the memory sizes in MEM_ARGS="-Xms256m -Xmx512m". See MOS Doc ID 1154089.1.
Change the patch directory: under File, click Preference, as shown in the figure below, and click Save when done.
Click Refresh View under the Patches menu; after the refresh it looks like the figure below.
Check for conflicts, as shown in the figure.
At this point the patch has been applied successfully.
After restarting, log in to the console to check the patch application status, as shown in the figure:
The following information can also be seen in the startup log.
The test tool is provided in the attachment, WebLogic_EXP.jar.
Reference links