id: CVE-2018-2894

info:
  name: Oracle WebLogic RCE
  author: geeknik
  description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
  reference: https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/
  severity: critical
  tags: cve,cve2018,oracle,weblogic,rce
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2018-2894

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ws_utc/config.do"

    redirects: true
    matchers:
      - type: word
        words:
          - "* Copyright (c) 2005,2013, Oracle"
          - "<title>settings</title>"
        condition: and