id: CVE-2020-2551 info: name: Unauthenticated Oracle WebLogic Server Remote Code Execution author: dwisiswant0 severity: critical description: 'Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.' reference: - https://github.com/hktalent/CVE-2020-2551 - https://nvd.nist.gov/vuln/detail/CVE-2020-2551 - https://www.oracle.com/security-alerts/cpujan2020.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-2551 tags: cve,cve2020,oracle,weblogic,rce,unauth requests: - method: GET path: - "{{BaseURL}}/console/login/LoginForm.jsp" matchers-condition: and matchers: - type: word words: - "10.3.6.0" - "12.1.3.0" - "12.2.1.3" - "12.2.1.4" condition: or part: body - type: word words: - "WebLogic" part: body - type: status status: - 200 # Enhanced by mp on 2022/03/25