id: CVE-2020-2551

info:
  name: Oracle WebLogic Server Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.
  reference:
    - https://github.com/hktalent/CVE-2020-2551
    - https://nvd.nist.gov/vuln/detail/CVE-2020-2551
    - https://www.oracle.com/security-alerts/cpujan2020.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-2551
  tags: cve,cve2020,oracle,weblogic,rce,unauth

requests:
  - method: GET
    path:
      - "{{BaseURL}}/console/login/LoginForm.jsp"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "10.3.6.0"
          - "12.1.3.0"
          - "12.2.1.3"
          - "12.2.1.4"
        condition: or
        part: body

      - type: word
        words:
          - "WebLogic"
        part: body

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/03/25