Published: 19/06/2019 Updated: 15/07/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 676

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A vulnerability in the Web Services component of Oracle WebLogic Server could allow an unauthenticated, remote malicious user to execute arbitrary code on a targeted system. The vulnerability is due to a deserialization condition that exists when the affected software uses the XMLDecoder class. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could allow the malicious user to execute arbitrary code, which could be used to conduct further attacks. Oracle has confirmed the vulnerability and released software updates.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle weblogic server 10.3.6.0.0
oracle weblogic server 12.1.3.0.0
oracle weblogic server 12.2.1.3.0

Oracle Security Alert Advisory - CVE-2019-2729 Description This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services This remote code execution vulnerability is remotely exploitable without au ...

Oracle Weblogic version 103600 remote command execution exploit ...

CVE-2019-2729 Exploit Script

CVE-2019-2729-Exploit usage: oracle-weblogic-deserializepy [-h] -u TARGET -c COMMAND -h, --help : Show help message and exit -u TARGET : Target URL -c COMMAND : Command to execute Example Usage python oracle-weblogic-deserializepy -u 19216811:8080 -c whoami Credit for YSS Payload githubcom/waffl3ss/CVE-2019-2729

Exploit code for CVE-2019-2729

CVE-2019-2729 Exploit code for CVE-2019-2729 Oracle Weblogic running on Windows Can create a callback to a CobaltStrike listener or a Metasploit handler with payload windows/meterpreter/reverse_tcp Also have a non-beacon exploit that just executes commands on the underlying host (exploitpy) This version also has proxy support enabled

Exploit code for CVE-2019-2729

FrameScan 一款python3编写的简易的cms漏洞检测框架

FrameScan 工具简介 FrameScan是一款python3编写的简易的cms漏洞检测利用框架，支持漏洞检测与简单利用方式，支持大多数CMS，可以自定义CMS类型及自行编写POC。旨在帮助有安全经验的安全工程师对已知的应用快速发现漏洞。支持平台 Windows Linux MAC（请自测）工具特点单URL批量检测单URL单�

Weblogic CVE-2019-2725 CVE-2019-2729 Getshell 命令执行

weblogic CVE-2019-2725 CVE-2019-2729 POC 执行命令并回显 usage: 单个目标 python3 weblogic_get_webshellpy url 批量目标，将批量url放入url_listtxt python3 weblogic_get_webshellpy all

weblogic cve-2020-2729 githubcom/ruthlezs/CVE-2019-2729-Exploit/blob/master/oracle-weblogic-deserializepy

WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit

CVE-2019-2725 WebLogic Universal Exploit - CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2725 / CVE-2019-2729 payload builder & exploit Info / Help $ python3 weblogic_exploitpy -h ======================================================================== | WebLogic Universal Exploit | | CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2

WeblogicScan Forked from githubcom/dr0op/WeblogicScan Install pip3 install -r requirementstxt Usage Usage : python3 WeblogicScanpy -u [URL] python3 WeblogicScanpy -f [FILENAME] python3 WeblogicScanpy -n [CVE] python3 WeblogicScanpy -n [CVE] -e [CMD] Example : python3 WeblogicScanpy -u 127001:7001/ python3 WeblogicScanpy -f targetstxt python3 W

WeblogicScanLot系列，Weblogic漏洞批量检测工具，V2.2

项目停止维护，批量扫描功能合并至githubcom/rabbitmask/WeblogicScan 软件作者：Tide_RabbitMask 免责声明：Pia!(ｏ ‵-′)ノ”(ノ﹏<。) 本工具仅用于安全测试，请勿用于非法使用，要乖哦~ V22简介：提供weblogic批量检测功能，收录几乎全部weblogic历史漏洞。【没有遇到过weblogi

Weblogic批量漏洞检测工具 | 基于自己的需求对原版做了个修改

WeblogicScan Weblogic一键批量漏洞检测工具，V10 软件作者：Bywalks 免责声明：Pia!(ｏ ‵-′)ノ”(ノ﹏<。) 本工具仅用于安全测试，请勿用于非法用途，否则造成的一切后果自负~ 本版本为基于rabbitmask的WeblogicScan工具修改而成基于我的需求做了部分优化 V 10使用方法：需检�

WeblogicScanLot系列，Weblogic漏洞批量检测工具，V2.2

增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618，CVE-2019-2729检测，Python3支持

WeblogicScan 增强版WeblogicScan 从rabbitmask大佬的WeblogicScan V12 版本修改而来。修改前源项目地址：githubcom/rabbitmask/WeblogicScan DEFF 支持Python3 修复漏洞检测误报，漏洞检测结果更精确添加CVE-2019-2729, CVE-2019-2618漏洞检测插件化漏洞扫描组件添加彩色打印 INSTALL pip3 install -r requirementstxt

Weblogic一键漏洞检测工具，V1.5，更新时间：20200730

WeblogicScan Weblogic一键漏洞检测工具，V15 软件作者：Tide_RabbitMask 免责声明：Pia!(ｏ ‵-′)ノ”(ノ﹏<。) 本工具仅用于安全测试，请勿用于非法使用，要乖哦~ V 15功能介绍：提供一键poc检测，收录几乎全部weblogic历史漏洞。详情如下： #控制台路径泄露 Console #SSR

Weblogic一键漏洞检测工具，V1.5，更新时间：20200730

weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551

源工具链接：githubcom/rabbitmask/WeblogicScan weblogicScaner 简体中文 | English 截至 2020 年 3 月 7 日，weblogic 漏洞扫描工具。若存在未记录且已公开 POC 的漏洞，欢迎提交 issue。原作者已经收集得比较完整了，在这里做了部分的 bug 修复，部分脚本 POC 未生效，配置错误等问题。之前查了一下�

抓取 Weblogic 等 Oracle 组件的历史漏洞信息

一个 Oracle 历史漏洞爬取工具通过制定关键字，可以自动检索 WebLogic, Database, Management Center, Testing Suite 等历史漏洞并统计。准备 go build 运行检索所有历史 WebLogic 漏洞，输出到屏幕 /main --filter WebLogic 检索所有历史 WebLogic 漏洞, 输出到 weblogicmd /main --filter WebLogic --output weblogicmd �

源工具链接：githubcom/rabbitmask/WeblogicScan weblogicScaner 简体中文 | English 截至 2020 年 11 月 27 日，weblogic 漏洞扫描工具。若存在未记录且已公开 POC 的漏洞，欢迎提交 issue。原作者已经收集得比较完整了，在这里做了部分的 bug 修复，部分脚本 POC 未生效，配置错误等问题。之前查了一�

红方人员作战执行手册

红方人员实战手册声明 Author : By klion Date : 2020215 寄语 : 愿 2020 后面的每一天都能一切安好分享初衷一来, 旨在为 "攻击" / "防御"方提供更加全面实用的参考还是那句老闲话 "未知攻焉知防", 所有单纯去说 "攻" 或者 "防" 的都是耍流氓, 攻守兼备

PenetrationTesting English Version Github的Readme显示不会超过4000行，而此Repo添加的工具和文章近万行，默认显示不全。当前页面是减配版：工具星数少于200且500天内没更新的不在此文档中显示。点击这里查看完整版：中文-完整版目录工具新添加的 (854) 新添加的未分类人工智能&&a

Vulmap是一款漏洞扫描工具，可对Web容器、Web服务器、Web中间件以及CMS等Web程序进行漏洞扫描，并且具备漏洞利用功能。相关测试人员可以使用vulmap检测目标是否存在特定漏洞，并且可以使用漏洞利用功能验证漏洞是否真实存在。

Vulmap - Vulnerability scanning and verification tools 中文版本(Chinese Version) русский(Russian Version) Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS and other Web programs, and has vulnerability exploitation functions Relevant testers can use vulmap to detect whether the target ha

红方人员作战执行手册

Vulmap - Web vulnerability scanning and verification tools [Click here for the English Version] Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能, 目前支持的 webapps 包括 activemq, flink, shiro, solr, struts2, tomcat, unomi, drupal, elasticsearch, fastjson, jenkins, nexus, weblogic, jboss, spring, th

信息收集主机信息收集敏感目录文件收集目录爆破字典 BurpSuite 搜索引擎语法 Google Hack DuckDuckgo 可搜索微博、人人网等屏蔽了主流搜索引擎的网站 Bing js文件泄漏后台或接口信息快捷搜索第三方资源 findjs robotstxt 目录可访问（ autoindex ） iis短文件名 IIS-ShortName-Scanner

hacking tools awesome lists

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx OCaml Objective-C Objective-C++ Others PHP PLSQL P

项目简介信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析（在这个基础上再做持久化控制）、擦痕迹。安全相关资源列表 arxivorg 康奈尔大学（Cornell University）开放文档 githubcom/sindresorhus/awesome awesome系列 wwwowasporgcn/owasp-pr

平常看到好的各种工具的集合

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP ActionScript Arduino Assembly AutoHotkey Batchfile BitBake Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang F# Game Maker Language Go HCL HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Nim OCaml Objective-C Objecti

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr

Oracle WebLogic Server RCE Flaw Under Active Attack

Threatpost • Lindsey O'Donnell • 29 Oct 2020

If an organization hasn’t updated their Oracle WebLogic servers to protect them against a recently disclosed RCE flaw, researchers have a dire warning: “Assume it has been compromised.”
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The console component of the WebLogic Server has a flaw, CVE-2020-14882, which ranks 9.8 out of 10 on the CVSS scale. According to Oracle, the attack is “low” in complexity, req...

Threatpost • Lindsey O'Donnell • 04 May 2020

Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The server has a remote code execution flaw, CVE-2020-2883, that can be exploited by unauthenticated attackers to take over unpatched systems...

IT threat evolution Q3 2019

Securelist • David Emm • 29 Nov 2019

At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May 2018, right after Israeli security agencies announced that Hamas had installed spyware on the smartphones of Israeli soldiers, and we released a private report on our Threat Intelligence Portal. We believe the mal...

The Register • Shaun Nichols in San Francisco • 19 Jun 2019

Emergency security fix emitted for remote code exec hole exploited in the wild

Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems.
The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability itself is caused by a deserialization bug in the XMLDecoder for WebLogic Server Web Services.
When exploited, a remote at...

Threatpost • Lindsey O'Donnell • 19 Jun 2019

Oracle said that a critical remote code execution flaw in its WebLogic Server is being actively exploited in the wild.
The remote code execution flaw (CVE-2019-2729) impacts a number of versions of Oracle’s WebLogic Server, used for building and deploying enterprise applications. The vulnerability has a CVSS score of 9.8 out of 10. Part of its seriousness is because it is remotely exploitable without authentication.
“Due to the severity of this vulnerability, Oracle strongly reco...

BleepingComputer • Ionut Ilascu • 19 Jun 2019

Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks.
The issue is now tracked CVE-2019-2729 and it is deserialization via XMLDecoder in Oracle WebLogic Server Web Services. This is the same as CVE-2019-2725,
, leveraged in past attacks to deliver
and
. It is also included in the exploit bag of the re...

CVE-2019-2729

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

Recent Articles

References