CVE-2021-2344

7.5 HIGH

📋 TL;DR

This vulnerability in Oracle Coherence allows unauthenticated attackers with network access via T3 or IIOP protocols to cause denial of service by crashing or hanging the service. It affects multiple versions of Oracle Coherence across Oracle Fusion Middleware. The vulnerability has high availability impact with a CVSS score of 7.5.

💻 Affected Systems

Products:
  • Oracle Coherence
  • Oracle Fusion Middleware
Versions: 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when T3 or IIOP protocols are enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of Oracle Coherence, disrupting dependent applications and business processes.

🟠 Likely Case

Service disruption causing application downtime and performance degradation.

🟢 If Mitigated

Limited impact if network access controls prevent T3/IIOP exposure to untrusted networks.

🌐 Internet-Facing: HIGH - Unauthenticated network exploitation via standard protocols makes internet-facing systems particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal systems remain vulnerable to insider threats or compromised internal hosts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Oracle describes the vulnerability as 'easily exploitable' by an attacker with network access via the T3/IIOP protocols.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Critical Patch Update July 2021 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2021.html

Restart Required: Yes

Instructions:

1. Download Critical Patch Update July 2021 from Oracle Support.
2. Apply the patch to affected Oracle Coherence installations.
3. Restart Oracle Coherence services.

🔧 Temporary Workarounds

Network Access Control

Restrict network access to the T3 (port 7001) and IIOP (port 7002) ports to trusted sources only. The ACCEPT rules must precede the DROP rules, as below (replace trusted_network with your trusted address range):

iptables -A INPUT -p tcp --dport 7001 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 7002 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 7001 -j DROP
iptables -A INPUT -p tcp --dport 7002 -j DROP

Protocol Disablement

Disable the T3 and IIOP protocols if they are not required for functionality.

Edit coherence configuration to disable T3 and IIOP protocols

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Oracle Coherence from untrusted networks.
  • Deploy web application firewall or intrusion prevention system to monitor and block suspicious T3/IIOP traffic.

🔍 How to Verify

Check if Vulnerable:

Check the installed Oracle Coherence version against the affected versions list, and verify whether the T3/IIOP ports are exposed to untrusted networks.

Check Version:

java -jar coherence.jar -version

Verify Fix Applied:

Confirm patch application via Oracle OPatch utility and verify version is no longer in affected range.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes or hangs
  • High volume of T3/IIOP connection attempts
  • Out of memory errors in Coherence logs

Network Indicators:

  • Unusual traffic patterns on T3 (7001) or IIOP (7002) ports
  • Connection attempts from unexpected sources

SIEM Query:

(source="coherence.log" AND ("crash" OR "hang" OR "out of memory")) OR (destination_port IN (7001, 7002) AND protocol="T3/IIOP")
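The log and network indicators above can be checked offline as well as in a SIEM. The following is an added example (not part of the advisory and not Oracle code) that applies both indicator sets to constructed Coherence log lines and constructed flow records; the log format, the trusted source list and the volume threshold are assumptions for illustration.

```python
"""Added example: apply the advisory's log and network indicators to
constructed sample data. Not taken from the advisory or from Oracle."""
import re
from collections import Counter

# T3/IIOP ports as named in the advisory.
T3_IIOP_PORTS = {7001, 7002}

# Log indicators: crashes, hangs, out-of-memory conditions (case-insensitive).
# "out ?of ?memory\w*" also matches java.lang.OutOfMemoryError.
LOG_PATTERN = re.compile(r"\b(?:crash\w*|hang\w*|out ?of ?memory\w*)\b", re.IGNORECASE)

# Constructed sample log lines (assumed format, not real Coherence output).
SAMPLE_LOG = """\
2021-07-21 10:01:02.113 Oracle Coherence GE 12.2.1.4.0 <Info> (thread=main): Started cluster
2021-07-21 10:05:44.901 Oracle Coherence GE 12.2.1.4.0 <Error> (thread=Proxy:TcpAcceptor): java.lang.OutOfMemoryError: Java heap space
2021-07-21 10:05:45.002 Oracle Coherence GE 12.2.1.4.0 <Warning> (thread=Cluster): Service hang detected, service terminated
2021-07-21 10:06:00.000 Oracle Coherence GE 12.2.1.4.0 <Info> (thread=main): Service restarted
"""

# Constructed flow records as (source_ip, destination_port) tuples.
SAMPLE_FLOWS = (
    [("10.0.0.5", 7001)] * 3 + [("10.0.0.5", 7002)] * 2   # trusted app host, normal volume
    + [("10.0.0.7", 7001)] * 25                           # trusted host, abnormal volume
    + [("203.0.113.9", 7001)] * 40                        # source outside the trusted set
    + [("10.0.0.6", 8080)] * 5                            # unrelated port, ignored
)
TRUSTED_SOURCES = {"10.0.0.5", "10.0.0.7"}  # assumed allow-list


def find_log_indicators(log_text):
    """Return one finding per log line that matches a crash/hang/OOM indicator."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = LOG_PATTERN.search(line)
        if match:
            findings.append({"line": line_no, "indicator": match.group(0), "text": line})
    return findings


def find_network_indicators(flows, trusted_sources, threshold=20):
    """Flag T3/IIOP connection attempts from untrusted sources, and unusually
    high volumes from trusted ones. Traffic to other ports is ignored."""
    counts = Counter((src, port) for src, port in flows if port in T3_IIOP_PORTS)
    findings = []
    for (src, port), attempts in sorted(counts.items()):
        if src not in trusted_sources:
            reason = "untrusted source"
        elif attempts >= threshold:
            reason = "high volume"
        else:
            continue
        findings.append({"source": src, "port": port, "attempts": attempts, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_log_indicators(SAMPLE_LOG):
        print(f"log line {f['line']}: {f['indicator']!r} -> {f['text']}")
    for f in find_network_indicators(SAMPLE_FLOWS, TRUSTED_SOURCES):
        print(f"{f['source']} -> port {f['port']}: {f['attempts']} attempts ({f['reason']})")
```

The volume threshold and trusted list are the parts to tune per environment; a baseline of normal T3/IIOP client counts is needed before the "high volume" indicator is meaningful.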
