id: CVE-2019-2725

info:
  name: Oracle WebLogic Server - Remote Command Execution
  author: dwisiswant0
  severity: critical
  description: |
    The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.
  reference:
    - https://paper.seebug.org/910/
    - https://www.exploit-db.com/exploits/46780/
    - https://www.oracle.com/security-alerts/cpujan2020.html
    - https://nvd.nist.gov/vuln/detail/CVE-2019-2725
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-2725
    cwe-id: CWE-74
  tags: cve,cve2019,oracle,weblogic,rce

requests:
  - method: POST
    path:
      - "{{BaseURL}}/_async/AsyncResponseService"
    headers:
      Content-Type: application/soap; charset="utf-8"
    body: >-
      <?xml version="1.0" encoding="UTF-8" ?>
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:ads="http://www.w3.org/2005/08/addressing">
      <soapenv:Header></soapenv:Header>
      <soapenv:Body></soapenv:Body>
      </soapenv:Envelope>
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "soapenv:Envelope"
        part: body
      - type: word
        words:
          - "X-Powered-By: Servlet"
        part: header
      - type: status
        status:
          - 200

# Enhanced by mp on 2022/05/03