Alright, let's tackle this Oracle WebLogic WLS9-async deserialization RCE vulnerability—super critical, so let's get you fixed up quickly. Here's a step-by-step breakdown of both temporary mitigations and official patch installation procedures:

临时紧急缓解措施（适合无法立即安装补丁的场景） #

If you can't deploy the official patch right away, these steps will help block the attack vector:

• Disable the WLS9-async component: Navigate to your WebLogic installation directory, find wlserver/server/lib/wls9_async.jar, and either rename it (e.g., wls9_async.jar.bak) or delete it. Restart all WebLogic services after doing this. Note: Double-check if your business relies on asynchronous processing features before deleting—if it does, skip this and use the next mitigation.
• Restrict port access: Use your firewall, load balancer, or network ACLs to limit incoming traffic to WebLogic's admin and business ports. Only allow trusted IP ranges to access these ports, which drastically reduces the attack surface.
• Enforce strict authentication: Ensure all endpoints require valid authentication. While this vulnerability bypasses unauthenticated access, locking down authentication helps prevent other potential exploits.

官方补丁彻底修复步骤（推荐长期解决方案） #

Oracle releases Critical Patch Updates (CPUs) regularly that address this vulnerability. Follow these steps to install the correct patch:

1. Identify your WebLogic version: Check your WebLogic version (e.g., 12.2.1.4, 14.1.1.0) to find the corresponding patch from Oracle Support (you'll need an Oracle account to download it).
2. Backup your environment: Before making any changes, back up your entire WebLogic installation directory and domain configuration. This lets you roll back if something goes wrong.
3. Stop all WebLogic services: Shut down the Admin Server and all Managed Servers completely. Make sure no related processes are running.
4. Install the patch with OPatch: Use Oracle's OPatch tool to apply the patch. Run a command like:

   opatch apply -oh /path/to/weblogic/home -jdk /path/to/jdk/home
   

   Always follow the specific instructions in the patch's README file—some patches may require additional flags.
5. Verify patch installation: Confirm the patch was installed successfully by running:

   opatch lsinventory
   

   Check the output to ensure the target patch ID is listed.
6. Restart WebLogic services: Start the Admin Server first, then all Managed Servers. Test your business applications to make sure they run normally after the restart.

额外加固建议 #

To prevent similar vulnerabilities in the future:

• Keep WebLogic updated: Regularly apply Oracle's security patches and upgrade to the latest supported version of WebLogic.
• Enable auditing: Turn on WebLogic's audit logging to monitor for abnormal requests, especially those targeting WLS9-async related paths.
• Audit third-party components: Avoid deploying unvetted third-party libraries or components in your WebLogic environment—these can introduce additional security risks.

内容的提问来源于stack exchange，提问作者Mallik