My Oracle Support Banner

Exalogic Virtual: Mitigating/Resolving WebLogic Server Vulnerabilities in Control Stack (Doc ID 2543118.1)

Last updated on MAY 16, 2019

Applies to:

Oracle Exalogic Elastic Cloud Software - Version 2.0.6.0.0 and later
Oracle Exalogic Elastic Cloud X2-2 Hardware
Exalogic Elastic Cloud X3-2 Hardware
Exalogic Elastic Cloud X4-2 Hardware
Exalogic Elastic Cloud X5-2 Hardware
Information in this document applies to any platform.

Purpose

The purpose of this document is to outline the necessary steps which will allow to mitigate Weblogic Server Vulnerabilities within the Control Stack in an Exalogic Virtual configuration.

Scope

This document is intended for Exalogic Virtual Implementations only which bundles WLS for the Control Stack within EECS releases. Exalogic Physical does not include WLS as part of the EECS release, and no mitigation is required for WLS issues on Exalogic Physical for the infrastructure.

IMPORTANT: This document does not cover WLS instances that are installed by customers for their workloads either within Guest vServers (domU) on Virtual or compute nodes on Physical. These instances need to be patched in accordance with guidance published for WLS.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 Exalogic 2.0.6.3.x Releases
 Mitigation Using iptables on EC vServer
 Exalogic 2.0.6.4.x Releases
 Mitigation Using iptables on EC vServer
 Resolution through patching WLS 12.1.3 in EECS 2.0.6.4
 Viewing Configured iptables Rules
 Enabling Access to OVMM BUI Selectively

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.