id: CVE-2018-2894

info:
  name: Oracle WebLogic RCE
  author: geeknik
  description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
  reference: https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/
  severity: critical
  tags: cve,cve2018,oracle,weblogic,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ws_utc/config.do"

    redirects: true
    matchers:
      - type: word
        words:
          - "* Copyright (c) 2005,2013, Oracle"
          - "<title>settings</title>"
        conditon: and