nuclei-templates/http/cves/2020/CVE-2020-2551.yaml

54 lines
1.7 KiB
YAML

id: CVE-2020-2551
info:
name: Oracle WebLogic Server - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.
remediation: |
Apply the latest security patches provided by Oracle to mitigate this vulnerability.
reference:
- https://github.com/hktalent/CVE-2020-2551
- https://nvd.nist.gov/vuln/detail/CVE-2020-2551
- https://www.oracle.com/security-alerts/cpujan2020.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-2551
epss-score: 0.9746
epss-percentile: 0.99949
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: oracle
product: weblogic_server
tags: cve,cve2020,oracle,weblogic,rce,unauth
http:
- method: GET
path:
- "{{BaseURL}}/console/login/LoginForm.jsp"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "10.3.6.0"
- "12.1.3.0"
- "12.2.1.3"
- "12.2.1.4"
condition: or
- type: word
part: body
words:
- "WebLogic"
- type: status
status:
- 200
# digest: 4a0a0047304502205987de76b6b510b7b1e796f687c373ca8ba3d9d5d6bec901043a6b12864f5647022100db5c3f18f12ea31b44ceb8678c21cd0ac40f75de4b89b0bd3a468254430fbd7f:922c64590222798bb761d5b6d8e72950