🔥 Add CVE-2019-2725

cves/CVE-2019-2725.yaml

@@ -0,0 +1,41 @@
+id: CVE-2019-2725
+
+info:
+  name: Oracle WebLogic Server - Unauthenticated RCE
+  author: dwisiswant0
+  severity: critical
+
+  # Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
+  # Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.
+  # Easily exploitable vulnerability allows unauthenticated attacker
+  # with network access via HTTP to compromise Oracle WebLogic Server.
+  # Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
+  # --
+  # References:
+  # > https://paper.seebug.org/910/
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/_async/AsyncResponseService"
+      - "{{BaseURL}}:7001/_async/AsyncResponseService"
+    body: >-
+      <?xml version="1.0" encoding="UTF-8" ?>
+      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+      xmlns:ads="http://www.w3.org/2005/08/addressing">
+        <soapenv:Header></soapenv:Header>
+        <soapenv:Body></soapenv:Body>
+      </soapenv:Envelope>
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "soapenv:Envelope"
+        part: body
+      - type: word
+        words:
+          - "X-Powered-By: Servlet"
+        part: header
+      - type: status
+        status:
+          - 200