Goby/json/Weblogic-Secondary-Deserial...


{
"Name": "Weblogic Secondary Deserialization RCE (CVE-2021-2135)",
"Description": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"Product": "Oracle-WebLogic-Server",
"Homepage": "https://www.oracle.com",
"DisclosureDate": "2021-04-22",
"Author": "go0p",
"FofaQuery": "app=\"BEA-WebLogic-Server\" || app=\"Weblogic_interface_7001\"",
"GobyQuery": "",
"Level": "3",
"Impact": "",
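"Recommendation": "Apply the vendor patch. Refer to Oracle's security bulletins for patch information: https://www.oracle.com/security-alerts/ (the April 2021 Critical Patch Update is at https://www.oracle.com/security-alerts/cpuapr2021.html). Until the patch is applied, restrict network access to the T3 and IIOP protocols, which are the attack vectors named in the description.",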
"Translation": {
"CN": {
"Description": "Oracle WebLogic Server是美国甲骨文Oracle公司的一款适用于云环境和传统环境的应用服务中间件它提供了一个现代轻型开发平台支持应用从开发到生产的整个生命周期管理并简化了应用的部署和管理。 Oracle WebLogic Server Coherence Container 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 存在安全漏洞该漏洞允许未经身份验证的攻击者通过T3、IIOP进行网络访问从而危害Oracle WebLogic Server。导致Oracle WebLogic服务器被接管。",
"Impact": "Impact",
"Name": "Oracle WebLogic Server 安全漏洞CVE-2021-2135",
"Product": "Oracle WebLogic Server",
"Recommendation": "目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.oracle.com/security-alerts/cpuapr2021.html"
}
},
"References": null,
"RealReferences": [
"https://www.oracle.com/security-alerts/cpuapr2021.html",
"https://nvd.nist.gov/vuln/detail/CVE-2021-2135",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2135"
],
"HasExp": true,
"ExpParams": [
{
"name": "AttackType",
"type": "select",
"value": "goby_shell_linux,goby_shell_windows"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": null,
"ExploitSteps": null,
"Tags": null,
"CVEIDs": [
"CVE-2021-2135"
],
"CVSSScore": "9.8",
"CNNVDIDs": [
"CNNVD-202104-1463"
],
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"Disable": false
}