mirror of https://github.com/qwqdanchun/Goby.git
{
"Name": "Weblogic Secondary Deserialization RCE (CVE-2021-2135)",
"Description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"Product": "Oracle-WebLogic-Server",
"Homepage": "https://www.oracle.com",
"DisclosureDate": "2021-04-22",
"Author": "go0p",
"FofaQuery": "app=\"BEA-WebLogic-Server\" || app=\"Weblogic_interface_7001\"",
"GobyQuery": "",
"Level": "3",
"Impact": "",
"Recommendation": "Apply the patches from Oracle's April 2021 Critical Patch Update (https://www.oracle.com/security-alerts/cpuapr2021.html). Oracle's security bulletins are listed at https://www.oracle.com/security-alerts/",
"Translation": {
"CN": {
"Description": "Oracle WebLogic Server是美国甲骨文(Oracle)公司的一款适用于云环境和传统环境的应用服务中间件,它提供了一个现代轻型开发平台,支持应用从开发到生产的整个生命周期管理,并简化了应用的部署和管理。 Oracle WebLogic Server Coherence Container 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 存在安全漏洞,该漏洞允许未经身份验证的攻击者通过T3、IIOP进行网络访问,从而危害Oracle WebLogic Server。导致Oracle WebLogic服务器被接管。",
"Impact": "Impact",
"Name": "Oracle WebLogic Server 安全漏洞(CVE-2021-2135)",
"Product": "Oracle WebLogic Server",
"Recommendation": "目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.oracle.com/security-alerts/cpuapr2021.html"
}
},
"References": null,
"RealReferences": [
"https://www.oracle.com/security-alerts/cpuapr2021.html",
"https://nvd.nist.gov/vuln/detail/CVE-2021-2135",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2135"
],
"HasExp": true,
"ExpParams": [
{
"name": "AttackType",
"type": "select",
"value": "goby_shell_linux,goby_shell_windows"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": null,
"ExploitSteps": null,
"Tags": null,
"CVEIDs": [
"CVE-2021-2135"
],
"CVSSScore": "9.8",
"CNNVDIDs": [
"CNNVD-202104-1463"
],
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"Disable": false
}