
CVE-2019-2618

Published: 23/04/2019 Updated: 24/08/2020
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 5.5 | Impact Score: 4.2 | Exploitability Score: 1.2
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N).

Vulnerable Product

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.1.3.0.0

oracle weblogic server 12.2.1.3.0

Github Repositories

Weblogic Upload Vuln(Need username password)-CVE-2019-2618

cve-2019-2618 Weblogic Upload Vuln(Need username password)-CVE-2019-2618. Python usage: python CVE-2019-2618py url username password. Decrypting the WebLogic password: root@f0cb7e674d7e:~/Oracle# cat /root/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/security/bootproperties |grep pass password={AES}dv/eNBsyg5GcDUbAKaQRhe

my POC for vul

POC Runtime environment:Python3 CNVD-C-2019-48814 CVE-2019-2618 new weblogic vul

CVE-2019-2618 - self-written

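CVE-2019-2618 vulnerability detection tool. Following the prompts, enter the server URL, username and password in turn, for example: python3 CVE-2019-2618_testpy 127001 root root123. The code returns the body of the response; the URL given in that body can be used to check whether the upload succeeded. The file uploaded by the program is named "testjsp". On a normal, successful upload, testjsp displays "CVE-2019-2618_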