daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2020/CVE-2020-2551.yaml

61 lines
2.2 KiB
YAML
Raw Blame History

id: CVE-2020-2551
info:
name: Oracle WebLogic Server - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
remediation: |
Apply the latest security patches provided by Oracle to mitigate this vulnerability.
reference:
- https://github.com/hktalent/CVE-2020-2551
- https://nvd.nist.gov/vuln/detail/CVE-2020-2551
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://github.com/neilzhang1/Chinese-Charts
- https://github.com/pjgmonteiro/Pentest-tools
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-2551
epss-score: 0.97537
epss-percentile: 0.99993
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: oracle
product: weblogic_server
shodan-query:
- http.title:"oracle peoplesoft sign-in"
- product:"oracle weblogic"
fofa-query: title="oracle peoplesoft sign-in"
google-query: intitle:"oracle peoplesoft sign-in"
tags: cve2020,cve,oracle,weblogic,rce,unauth,kev
http:
- method: GET
path:
- "{{BaseURL}}/console/login/LoginForm.jsp"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "10.3.6.0"
- "12.1.3.0"
- "12.2.1.3"
- "12.2.1.4"
condition: or
- type: word
part: body
words:
- "WebLogic"
- type: status
status:
- 200
# digest: 4a0a0047304502207e50b3ed9b29a0f0d8605b097970e019fd2100d1d0e91bf8e365492902e9eebd022100d65f279db6a7c16f47e45df961647a5cef50a390314f103ec019198b745c9136:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink