2021-01-02 04:59:06 +00:00
|
|
|
id: CVE-2019-2725
|
2020-08-16 16:33:49 +00:00
|
|
|
|
|
|
|
info:
|
|
|
|
name: Oracle WebLogic Server - Unauthenticated RCE
|
|
|
|
author: dwisiswant0
|
|
|
|
severity: critical
|
2021-02-05 19:44:41 +00:00
|
|
|
tags: cve,cve2019,oracle,weblogic,rce
|
2020-08-16 16:33:49 +00:00
|
|
|
|
|
|
|
# Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
|
|
|
|
# Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.
|
|
|
|
# Easily exploitable vulnerability allows unauthenticated attacker
|
|
|
|
# with network access via HTTP to compromise Oracle WebLogic Server.
|
|
|
|
# Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
|
|
|
|
# --
|
|
|
|
# References:
|
|
|
|
# > https://paper.seebug.org/910/
|
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: POST
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/_async/AsyncResponseService"
|
|
|
|
body: >-
|
|
|
|
<?xml version="1.0" encoding="UTF-8" ?>
|
|
|
|
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
|
|
|
|
xmlns:ads="http://www.w3.org/2005/08/addressing">
|
|
|
|
<soapenv:Header></soapenv:Header>
|
|
|
|
<soapenv:Body></soapenv:Body>
|
|
|
|
</soapenv:Envelope>
|
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "soapenv:Envelope"
|
|
|
|
part: body
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "X-Powered-By: Servlet"
|
|
|
|
part: header
|
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|