Merge pull request #513 from dwisiswant0/add/CVE-2020-2551

Add CVE-2020-2551

cves/CVE-2020-2551.yaml

@@ -0,0 +1,40 @@
+id: cve-2020-2551
+
+info:
+  name: Unauthenticated Oracle WebLogic Server RCE
+  author: dwisiswant0
+  severity: critical
+  description: |
+    This template supports the detection part only. See references.
+
+    Vulnerability in the Oracle WebLogic Server product of
+    Oracle Fusion Middleware (component: WLS Core Components).
+    Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0,
+    12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability
+    allows unauthenticated attacker with network access via IIOP
+    to compromise Oracle WebLogic Server.
+
+    Successful attacks of this vulnerability can result
+    in takeover of Oracle WebLogic Server.
+
+    Source/References:
+    - https://github.com/hktalent/CVE-2020-2551
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/console/login/LoginForm.jsp"
+      - "{{BaseURL}}:7001/console/login/LoginForm.jsp"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "10.3.6.0"
+          - "12.1.3.0"
+          - "12.2.1.3"
+          - "12.2.1.4"
+        condition: or
+        part: body
+      - type: status
+        status:
+          - 200