id: CVE-2020-2551

info:
  name: Unauthenticated Oracle WebLogic Server RCE
  author: dwisiswant0
  severity: critical
  description: |
    This template supports the detection part only. See references.

    Vulnerability in the Oracle WebLogic Server product of
    Oracle Fusion Middleware (component: WLS Core Components).
    Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0,
    12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability
    allows unauthenticated attacker with network access via IIOP
    to compromise Oracle WebLogic Server.

    Successful attacks of this vulnerability can result
    in takeover of Oracle WebLogic Server.

  reference: https://github.com/hktalent/CVE-2020-2551
  tags: cve,cve2020,oracle,weblogic,rce
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2020-2551

requests:
  - method: GET
    path:
      - "{{BaseURL}}/console/login/LoginForm.jsp"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "10.3.6.0"
          - "12.1.3.0"
          - "12.2.1.3"
          - "12.2.1.4"
        condition: or
        part: body

      - type: word
        words:
          - "WebLogic"
        part: body

      - type: status
        status:
          - 200