From fc14cc2a6c32ac201db464afd430b10ca41be56b Mon Sep 17 00:00:00 2001
From: Dwi Siswanto <dwi.siswanto98@gmail.com>
Date: Thu, 1 Oct 2020 13:10:28 +0700
Subject: [PATCH 1/3] :fire: Add CVE-2020-2551

---
 cves/CVE-2020-2551.yaml | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 cves/CVE-2020-2551.yaml

diff --git a/cves/CVE-2020-2551.yaml b/cves/CVE-2020-2551.yaml
new file mode 100644
index 0000000000..2fe21dbe0f
--- /dev/null
+++ b/cves/CVE-2020-2551.yaml
@@ -0,0 +1,40 @@
+id: cve-2020-2551
+
+info:
+  name: Unauthenticated Oracle WebLogic Server RCE
+  author: dwisiswant0
+  severity: high
+  description: |
+    This template supports the detection part only. See references.
+
+    Vulnerability in the Oracle WebLogic Server product of
+    Oracle Fusion Middleware (component: WLS Core Components).
+    Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0,
+    12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability
+    allows unauthenticated attacker with network access via IIOP
+    to compromise Oracle WebLogic Server.
+
+    Successful attacks of this vulnerability can result
+    in takeover of Oracle WebLogic Server.
+
+    Source/References:
+    - https://github.com/hktalent/CVE-2020-2551
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/console/login/LoginForm.jsp"
+      - "{{BaseURL}}:7001/console/login/LoginForm.jsp"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "10.3.6.0"
+          - "12.1.3.0"
+          - "12.2.1.3"
+          - "12.2.1.4"
+        condition: or
+        part: header
+      - type: status
+        status:
+          - 200

From 005fde383592675629266c96d068f2c12c899675 Mon Sep 17 00:00:00 2001
From: Dwi Siswanto <dwi.siswanto98@gmail.com>
Date: Thu, 1 Oct 2020 13:11:28 +0700
Subject: [PATCH 2/3] :pencil2: Update severity

---
 cves/CVE-2020-2551.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cves/CVE-2020-2551.yaml b/cves/CVE-2020-2551.yaml
index 2fe21dbe0f..19699f15a8 100644
--- a/cves/CVE-2020-2551.yaml
+++ b/cves/CVE-2020-2551.yaml
@@ -3,7 +3,7 @@ id: cve-2020-2551
 info:
   name: Unauthenticated Oracle WebLogic Server RCE
   author: dwisiswant0
-  severity: high
+  severity: critical
   description: |
     This template supports the detection part only. See references.
 

From 6d9ae2b147feec55a22933b806aff159a166cf40 Mon Sep 17 00:00:00 2001
From: Dwi Siswanto <dwi.siswanto98@gmail.com>
Date: Thu, 1 Oct 2020 13:12:30 +0700
Subject: [PATCH 3/3] :pencil2: Update part matchers

---
 cves/CVE-2020-2551.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cves/CVE-2020-2551.yaml b/cves/CVE-2020-2551.yaml
index 19699f15a8..a103025a76 100644
--- a/cves/CVE-2020-2551.yaml
+++ b/cves/CVE-2020-2551.yaml
@@ -34,7 +34,7 @@ requests:
           - "12.2.1.3"
           - "12.2.1.4"
         condition: or
-        part: header
+        part: body
       - type: status
         status:
           - 200