CVE-2024-21274 – This vulnerability in Oracle WebLogic Server al... (How to Fix)

Q: What is the severity of CVE-2024-21274?

CVE-2024-21274 has a CVSS score of 7.5 (HIGH). This vulnerability in Oracle WebLogic Server allows unauthenticated attackers to cause denial of service by crashing or hanging the server via HTTP requests. It affects WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. Organizations running these versions with network-accessible WebLogic Console are at risk.

📋 TL;DR

This vulnerability in Oracle WebLogic Server allows unauthenticated attackers to cause denial of service by crashing or hanging the server via HTTP requests. It affects WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. Organizations running these versions with network-accessible WebLogic Console are at risk.

💻 Affected Systems

Products:

Oracle WebLogic Server

Versions: 12.2.1.4.0 and 14.1.1.0.0

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the Console component specifically; requires network access to WebLogic Server

📦 What is this software?

Weblogic Server by Oracle

View all CVEs affecting Weblogic Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of WebLogic Server, disrupting all applications and services hosted on it

🟠

Likely Case

Service disruption causing application downtime and business impact

🟢

If Mitigated

Limited impact if server is isolated or behind proper network controls

🌐 Internet-Facing: HIGH - Unauthenticated network attack vector makes internet-facing servers extremely vulnerable

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CVSS indicates 'easily exploitable' with low attack complexity; no authentication required

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle Critical Patch Update October 2024

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html

Restart Required: Yes

Instructions:

1. Download appropriate patches from Oracle Support 2. Apply patches following Oracle documentation 3. Restart WebLogic Server instances 4. Verify patch application

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to WebLogic Console to trusted IPs only

Configure firewall rules to limit access to WebLogic Server ports (typically 7001, 7002)

Disable Console Access

all

Temporarily disable WebLogic Console if not required for operations

Modify config.xml to disable console or use WebLogic security configuration

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Deploy Web Application Firewall (WAF) with DoS protection rules

🔍 How to Verify

Check if Vulnerable:

Check WebLogic Server version and compare with affected versions

Check Version:

java weblogic.version

Verify Fix Applied:

Verify patch application via Oracle OPatch utility and version check

📡 Detection & Monitoring

Log Indicators:

Multiple connection attempts to console endpoint
Server crash/hang logs
OutOfMemory errors in server logs

Network Indicators:

Unusual HTTP traffic patterns to WebLogic Console endpoints
High volume of requests from single sources

SIEM Query:

source="weblogic" AND (event="Server Hang" OR event="Crash" OR message="OutOfMemory")

📊 Metadata

CVE ID: CVE-2024-21274

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-120

Published: October 15, 2024

Last Updated: October 18, 2024

🔗 References

https://www.oracle.com/security-alerts/cpuoct2024.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-21274, you might also want to check these: