9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
local comm = require "comm"
local string = require "string"
local shortport = require "shortport"
local nmap = require "nmap"
description = "Detect the T3 RMI protocol and Weblogic version"
author = {"Alessandro ZANNI <[email protected]>", "Daniel Miller"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default","safe","discovery","version"}
portrule = function(host, port)
if type(port.version) == "table" and port.version.name_confidence > 3 and port.version.product ~= nil then
return string.find(port.version.product, "WebLogic", 1, true) and nmap.version_intensity() >= 7
end
return shortport.version_port_or_service({7001,7002,7003},"http")(host,port)
end
action = function(host, port)
local status, result = comm.exchange(host, port,
"t3 12.1.2\nAS:2048\nHL:19\n\n")
if (not status) then
return nil
end
local weblogic_version = string.match(result, "^HELO:(%d+%.%d+%.%d+%.%d+)%.")
local rval = nil
port.version = port.version or {}
local extrainfo = port.version.extrainfo
if extrainfo == nil then
extrainfo = ""
else
extrainfo = extrainfo .. "; "
end
if weblogic_version then
if weblogic_version == "12.1.2" then
status, result = comm.exchange(host, port,
"t3 11.1.2\nAS:2048\nHL:19\n\n")
weblogic_version = string.match(result, "^HELO:(%d+%.%d+%.%d+%.%d+)%.")
if weblogic_version == "11.1.2" then
-- Server just echoes whatever version we send.
rval = "T3 protocol in use (Unknown WebLogic version)"
else
port.version.version = weblogic_version
rval = "T3 protocol in use (WebLogic version: " .. weblogic_version .. ")"
end
else
port.version.version = weblogic_version
rval = "T3 protocol in use (WebLogic version: " .. weblogic_version .. ")"
end
port.version.extrainfo = extrainfo .. "T3 enabled"
elseif string.match(result, "^LGIN:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (handshake failed)"
elseif string.match(result, "^SERV:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (No such service)"
elseif string.match(result, "^UNAV:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (Service unavailable)"
elseif string.match(result, "^LICN:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (No license)"
elseif string.match(result, "^RESC:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (No resource)"
elseif string.match(result, "^VERS:") then
weblogic_version = string.match(result, "^VERS:Incompatible versions %- this server:(%d+%.%d+%.%d+%.%d+)")
if weblogic_version then
port.version.version = weblogic_version
end
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (Incompatible version)"
elseif string.match(result, "^CATA:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (Catastrophic failure)"
elseif string.match(result, "^CMND:") then
port.version.extrainfo = extrainfo .. "T3 enabled"
rval = "T3 protocol in use (No such command)"
end
if rval then
if port.version.product == nil then
port.version.product = "WebLogic application server"
end
nmap.set_port_version(host, port, "hardmatched")
end
return rval
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%