nuclei-templates/cves/2018/CVE-2018-2894.yaml

26 lines
771 B
YAML

id: CVE-2018-2894
info:
name: Oracle WebLogic RCE
author: geeknik
description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
reference: https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/
severity: critical
tags: cve,cve2018,oracle,weblogic,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2018-2894
requests:
- method: GET
path:
- "{{BaseURL}}/ws_utc/config.do"
redirects: true
matchers:
- type: word
words:
- "* Copyright (c) 2005,2013, Oracle"
- "<title>settings</title>"
condition: and