Goby/json/Oracle-WebLogic-Server-Remo...


{
"Name": "Oracle WebLogic Server Remote Security Vulnerability (CVE-2017-10271&CVE-2017-3506)",
"Description": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"Product": "weblogic",
"Homepage": "http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html",
"DisclosureDate": "2017-10-19",
"Author": "mahui@gobies.org",
"FofaQuery": "app=\"Weblogic_interface_7001\" || app=\"Oracle-WeblogicPortal\" || title==\"Error 404--Not Found\"",
"GobyQuery": "",
"Level": "2",
"Impact": "<p>由于WebLogic在部署过程中默认启用了WLS WebService组件，此组件使用了XMLDecoder来解析序列化数据，攻击者可以通过构造恶意的XML文件来实现远程命令执行，可能导致攻击者在服务器端任意执行代码，进而控制整个web服务器。<br></p>",
"Recommandation": "<p style=\"text-align: start;\">1、升级WebLogic。</p><p style=\"text-align: start;\">WebLogic下载地址：<a href=\"http://www.oracle.com/technetwork/cn/middleware/weblogic/downloads/index.html\">http://www.oracle.com/technetwork/cn/middleware/weblogic/downloads/index.html</a></p><p style=\"text-align: start;\">2、打补丁。官网补丁：<a href=\"http://www.oracle.com/technetwork/cn/topics/security/cpuoct2017-3236626-zhs.html\">http://www.oracle.com/technetwork/cn/topics/security/cpuoct2017-3236626-zhs.html</a></p><p style=\"text-align: start;\">如果没有Oracle账号，补丁地址:&nbsp;<a href=\"https://pan.baidu.com/s/1pKLLUYJ\">https://pan.baidu.com/s/1pKLLUYJ</a>&nbsp;密码: rc5j（该链接为第三方网盘，并非Oracle官方来源；安装前请先与Oracle官方发布的补丁校验值核对，无法核对时应优先采用第1项或第3项措施。）</p><p style=\"text-align: start;\">3、 根据实际环境路径，删除WebLogic wls-wsat组件并重启服务器。</p><p style=\"text-align: start;\"></p><p><code><p style=\"text-align: start;\">rm -f &nbsp;/home/WebLogic/Oracle/Middleware/wlserver_10.3/server/lib/wls-wsat.war</p><p style=\"text-align: start;\">rm -f &nbsp;/home/WebLogic/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/tmp/.internal/wls-wsat.war</p><p style=\"text-align: start;\">rm -rf &nbsp;/home/WebLogic/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/tmp/_WL_internal/wls-wsat</p></code></p>",
"References": [
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/101304",
"http://www.securitytracker.com/id/1039608",
"https://github.com/c0mmand3rOpSec/CVE-2017-10271",
"https://www.exploit-db.com/exploits/43458/",
"https://www.exploit-db.com/exploits/43924/",
"https://nvd.nist.gov/vuln/detail/CVE-2017-10271",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271"
],
"HasExp": true,
"ExpParams": [
{
"name": "AttackType",
"type": "select",
"value": "create_jsp"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"data": "",
"data_type": "text",
"follow_redirect": true,
"method": "GET",
"uri": "/"
},
"ResponseTest": {
"checks": [
{
"bz": "",
"operation": "==",
"type": "item",
"value": "200",
"variable": "$code"
}
],
"operation": "AND",
"type": "group"
}
}
],
"ExploitSteps": null,
"Tags": ["rce"],
"CVEIDs": [
"CVE-2017-10271",
"CVE-2017-3506"
],
"CVSSScore": "7.5",
"AttackSurfaces": {
"Application": null,
"Support": ["weblogic"],
"Service": null,
"System": null,
"Hardware": null
},
"Disable": false
}