nuclei-templates/cves/2018/CVE-2018-2894.yaml

22 lines
643 B
YAML
Raw Normal View History

2021-04-10 13:44:41 +00:00
id: CVE-2018-2894
info:
name: Oracle WebLogic RCE
author: geeknik
description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
reference: https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/
severity: critical
tags: cve,cve2018,oracle,weblogic,rce
requests:
- method: GET
path:
- "{{BaseURL}}/ws_utc/config.do"
redirects: true
matchers:
- type: word
words:
- "* Copyright (c) 2005,2013, Oracle"
- "<title>settings</title>"
condition: and