Recently Oracle published its periodically security advisory. The advisory contains fixes for 334 CVEs, 231 of them are exploitable over the HTTP protocol.

Oracle tends not to publicly disclose details related to the attack vectors of the vulnerabilities they publish; however, we could tell based on public information that already exist for some of the vulnerabilities whether we are able to mitigate the attack vector with existing ASM signatures.

BIG-IP ASM customers are already protected against the following vulnerabilities published in the advisory:

CVE Identifier	Product	Signature IDs / Attack Type
CVE-2018-2943	Oracle Fusion Middleware MapViewer	Path Traversal Signatures
CVE-2018-3101	Oracle WebCenter Portal	200018018,200018030,200018036,200018037
CVE-2018-2894	Oracle WebLogic Server	200004048, Java Server Side Code Injection Signatures
CVE-2018-2945	JD Edwards EnterpriseOne Tools	Cross Site Scripting (XSS) Signatures
CVE-2018-2946	JD Edwards EnterpriseOne Tools	Cross Site Scripting (XSS) Signatures
CVE-2018-2947	JD Edwards EnterpriseOne Tools	Path Traversal Signatures
CVE-2018-2948	JD Edwards EnterpriseOne Tools	Cross Site Scripting (XSS) Signatures
CVE-2018-2949	JD Edwards EnterpriseOne Tools	Cross Site Scripting (XSS) Signatures
CVE-2018-2950	JD Edwards EnterpriseOne Tools	Cross Site Scripting (XSS) Signatures
CVE-2018-3100	Oracle Business Process Management Suite	SQL-Injection Signatures
CVE-2018-3105	Oracle SOA Suite	Path Traversal Signatures
CVE-2018-2999	JD Edwards EnterpriseOne Tools	Cross Site Scripting (XSS) Signatures
CVE-2018-3006	JD Edwards EnterpriseOne Tools	Cross Site Scripting (XSS) Signatures
CVE-2018-3016	PeopleSoft Enterprise PeopleTools	Cross Site Scripting (XSS) Signatures
CVE-2018-7489	Oracle WebLogic Server	Java Server Side Code Injection Signatures

We are constantly monitoring newly disclosed information and PoCs containing the attack vectors for the other vulnerabilities not mentioned in the table above and will release ASM signature updates if required.

Oracle Periodically Security Update – Mitigating with ASM