How to disable wls9_async_response.war and wls-wsat.war in weblogic 12c. This issue is related to the recently found weblogic vulnerability CVE 2019-2725 .

2 Answers

Emmanuel Collin On

Stop all your servers.
Rename (or remove) these 2 web applications.
Remove each server's tmp directory under $DOMAIN_HOME/servers/[server name]/tmp
Start your servers

A warning will be displayed in server's log saying that WebLogic is not able to deploye these applications but you can ignore it.

Panagiotis Chavariotis On

You can disable wls-wsat by using the following setting: