2021-01-02 04:56:15 +00:00
id : CVE-2020-2551
2020-10-01 06:10:28 +00:00
info :
2022-11-29 05:43:35 +00:00
name : Oracle WebLogic Server - Remote Code Execution
2020-10-01 06:10:28 +00:00
author : dwisiswant0
2020-10-01 06:11:28 +00:00
severity : critical
2022-05-26 18:35:42 +00:00
description : |
Oracle WebLogic Server (Oracle Fusion Middleware (component : WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.
2023-09-06 12:22:36 +00:00
remediation : |
Apply the latest security patches provided by Oracle to mitigate this vulnerability.
2022-03-29 10:33:49 +00:00
reference :
- https://github.com/hktalent/CVE-2020-2551
- https://nvd.nist.gov/vuln/detail/CVE-2020-2551
2022-05-17 09:18:12 +00:00
- https://www.oracle.com/security-alerts/cpujan2020.html
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-2551
2023-11-05 22:23:39 +00:00
epss-score : 0.9746
2023-11-09 06:04:52 +00:00
epss-percentile : 0.99953
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : oracle
product : weblogic_server
tags : cve,cve2020,oracle,weblogic,rce,unauth
2020-10-01 06:10:28 +00:00
2023-04-27 04:28:59 +00:00
http :
2020-10-01 06:10:28 +00:00
- method : GET
path :
- "{{BaseURL}}/console/login/LoginForm.jsp"
2021-09-12 13:01:46 +00:00
2020-10-01 06:10:28 +00:00
matchers-condition : and
matchers :
- type : word
2023-07-11 19:49:27 +00:00
part : body
2020-10-01 06:10:28 +00:00
words :
- "10.3.6.0"
- "12.1.3.0"
- "12.2.1.3"
- "12.2.1.4"
condition : or
2021-09-12 13:01:46 +00:00
- type : word
2023-07-11 19:49:27 +00:00
part : body
2021-09-12 13:01:46 +00:00
words :
- "WebLogic"
2020-10-01 06:10:28 +00:00
- type : status
status :
- 200
2023-11-09 08:56:13 +00:00
# digest: 4b0a0048304602210095da0f609769e04679359c0578c0e568ff091f5e0f93b02e300ed2e0e728828a022100d2bd91bd42575ee820dbc1adff9ee8571171d69071d53005f397d3725bf583d0:922c64590222798bb761d5b6d8e72950