Published: 18/07/2018 Updated: 03/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 670

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle weblogic server 12.2.1.2.0
oracle weblogic server 12.2.1.3
oracle weblogic server 12.1.3.0.0
oracle weblogic server 10.3.6.0.0

CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script

CVE-2018-2894 CVE-2018-2894 (WebLogic 未授权访问致任意文件上传/RCE漏洞) 检查脚本

Weblogic,CVE-2018-2894

Weblogic CVE-2018-2894 CVE-2018-2894 0x01 前言 Oracle 7月更新中，修复了Weblogic Web Service Test Page中一处任意文件上传漏洞，Web Service Test Page 在“生产模式”下默认不开启，所以该漏洞有一定限制，利用该漏洞，可以上传任意jsp文件，进而获取服务器权限。 0x02 漏洞环境 Ubuntu 1604 githubco

cve-2018-2894 不同别人的利用方法。

Weblogic任意文件上传漏洞（CVE-2018-2894）最近大家都在说这个漏洞，大家都注意到configdo这里发生了问题，但是其实根据 mpweixinqqcom/s/y5JGmM-aNaHcs_6P9a-gRQ 这里的信息，begindo也是有问题。少扯淡，下面给出具体利用方法：问题就出现下下面这个页面。上传时候，修改name的值就可以�

Weblogic 任意文件上传漏洞（CVE-2018-2894） Oracle 7月更新中，修复了Weblogic Web Service Test Page中一处任意文件上传漏洞，Web Service Test Page 在“生产模式”下默认不开启，所以该漏洞有一定限制。利用该漏洞，可以上传任意jsp文件，进而获取服务器权限。参考链接： wwworaclecom/techn

collection some vulnerability PoC

这里主要收集一些漏洞的Poc 所有的Poc来自于互联网有些PoC并没有验证 githubcom/qazbnm456/awesome-cve-pocgit awesomeliststop/#/repos/qazbnm456/awesome-cve-poc 本项目主要目的用于研究，严禁在实际环境中使用，所产生的后果，本人及原作者不负连带责任。 [] WebLogic CVE-2018-2894

collection some vulnerability PoC

这里主要收集一些漏洞的Poc 所有的Poc来自于互联网有些PoC并没有验证 githubcom/qazbnm456/awesome-cve-pocgit awesomeliststop/#/repos/qazbnm456/awesome-cve-poc 本项目主要目的用于研究，严禁在实际环境中使用，所产生的后果，本人及原作者不负连带责任。 [] WebLogic CVE-2018-2894

api info path: /search/info? example:127001:8000/search/info?site=19216879128&ports=1,2,3 参数参数类型描述例子 site str 站点ip 127001:8000/search/info?site=19216879128 porta list 开放的端口，支持多个参数以逗号隔开 127001:8000/search/info?ports=1,2,3 tide list 指纹 127001:8000/sear

A toy box to save my code toys

Toy-Box A toy box to save my python3 code toys Toys List superping 多地 ping CT_subdomain_collection_tool 通过证书透明度（CT）收集子域名 SANGFOR_EDR_RCE_PoC 深信服终端检测响应平台 RCE PoC http_options_scan Dangerous HTTP options (PUT, MOVE) detection on the 80 or 443 port of the web server CVE-2018-9995_PoC Get TBK DVR uid and pwd

So long and thanks for all the fixes: ERPScan left out of credits on Oracle bug-bash list

The Register • John Leyden • 18 Jul 2018

App security firm sanctioned in US over ties with Russia US tech companies sucked into Russian sanctions row Sir, you've been using Kaspersky Lab antivirus. Please come with us, sir

Oracle fixed 17 flaws in its products found by ERPScan researchers without acknowledging the application security firm, which was recently and controversially sanctioned in the US. ERPScan said vulnerabilities it uncovered affect six different business applications. Left unpatched, they potentially allow attackers access to sensitive business data. The bugs range from remote code execution and cross-site scripting to authentication bypass and memory corruption. The flaws spotted by ERPScan are a...

CVE-2018-2894

Vulnerability Summary

Vulnerability Trend

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect