Added Weblogic UDDIexplorer and other template updates (#4488)

* Added Weblogic UDDIexplorer and other template updates

* misc updates
patch-1
Sandeep Singh 2022-05-27 00:05:42 +05:30 committed by GitHub
parent 7d559f8905
commit 1d5d9504fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 85 additions and 28 deletions

@ -1,7 +1,7 @@
id: CVE-2014-4210
info:
name: Weblogic SSRF in SearchPublicRegistries.jsp
name: Oracle Weblogic - SSRF in SearchPublicRegistries.jsp
author: princechaddha
severity: medium
description: An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
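
Review bot: the renamed `name:` line still spells the product "Weblogic", while the description in this same hunk and the other templates in this commit write "WebLogic"; suggest `name: Oracle WebLogic - SSRF in SearchPublicRegistries.jsp` so searches on the product name hit consistently. The description also still says "unspecified vulnerability" even though the name identifies the issue as SSRF in SearchPublicRegistries.jsp; one sentence stating that in the description would help triage.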

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

@ -1,10 +1,11 @@
id: CVE-2020-2551
info:
name: Unauthenticated Oracle WebLogic Server Remote Code Execution
name: Oracle WebLogic Server Remote Code Execution
author: dwisiswant0
severity: critical
description: 'Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.'
description: |
Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.
reference:
- https://github.com/hktalent/CVE-2020-2551
- https://nvd.nist.gov/vuln/detail/CVE-2020-2551
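
Review bot: the version list in the rewritten description carries over "2.2.1.3.0" from the old line; sitting between 12.1.3.0.0 and 12.2.1.4.0 it reads as a dropped leading "1", and the affected release for this CVE is 12.2.1.3.0. Since the line is being rewritten into a block scalar anyway, fix it here, and close the unbalanced parenthesis in "(Oracle Fusion Middleware (component: WLS Core Components)". The new name drops "Unauthenticated"; the description still says it, but anyone filtering on template names loses the pre-auth signal, so consider keeping the word.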

@ -0,0 +1,27 @@
id: weblogic-uddiexplorer
info:
name: Oracle WebLogic UDDI Explorer
author: pdteam
severity: low
description: |
Oracle WebLogic UDDI Explorer allows authorized users to access and modify information about the web services published in the private WebLogic Server UDDI registries.
reference:
- https://www.tenable.com/plugins/was/112421
tags: panel,oracle,weblogic
requests:
- method: GET
path:
- "{{BaseURL}}/uddiexplorer/"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'WebLogic UDDI Explorer'
- type: status
status:
- 200
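
Review bot: the body matcher in the new weblogic-uddiexplorer template rests on the single string 'WebLogic UDDI Explorer' plus status 200, so any page returned with 200 that merely mentions the product name would match; consider adding a second string specific to the explorer page, or constraining the match to the page title, to keep false positives down. The description explains what authorized users can do in the registry, while the request is a plain GET with no credentials; a sentence saying the template reports that the explorer page is reachable would make the "low" severity easier to interpret for whoever reads the finding.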