Lucene search
K

108 matches found

CNVD
CNVD
added 2021/04/19 12:0 a.m.3 views

Oracle WebLogic T3 Deserialization Vulnerability

Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

7.5AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2021/03/28 12:0 a.m.0 views

RMI And Oracle WebLogic T3 Protocol Insecure Deserialization

An insecure deserialization vulnerability exists in the T3 protocol used by WebLogic servers and in RMI protocol. This is due to lack of sanitization of user-provided serialized java objects. Successful exploitation could allow an attacker to execute arbitrary code on the affected system...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/01/24 7:1 p.m.7 views

Exploit for CVE-2020-14644

It is an offensive tool for WebLogic. The repository contains a basic proof-of-concept PoC and exploit script for WebLogic, with the goal of creating a unified detection and exploitation tool. The script, named weblogicpoc.py, uses the T3 protocol to connect to a WebLogic server and exploit...

9.8CVSS7.1AI score0.94465EPSS
Exploits3
GithubExploit
GithubExploit
added 2021/01/22 7:43 a.m.262 views

Exploit for CVE-2021-2109

CVE-2021-2109: WebLogic Server Remote Code Execution Vulnerabili...

9.8CVSS7.7AI score0.9927EPSS
Exploits15
Zero Day Initiative
Zero Day Initiative
added 2020/10/22 12:0 a.m.32 views

Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigge...

9.8CVSS4AI score0.30081EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2020/10/22 12:0 a.m.40 views

Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigge...

9.8CVSS4AI score0.30081EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2020/10/22 12:0 a.m.31 views

Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigger the...

9.8CVSS4.1AI score0.03752EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/10/22 12:0 a.m.27 views

Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigger the...

9.8CVSS4.1AI score0.30081EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/08/05 12:0 a.m.7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle WebLogic Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application using the IIOP and T3 protocols...

10CVSS7.7AI score0.02006EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/07/15 6:15 p.m.1 views

CVE-2020-14645

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T...

9.8CVSS7.3AI score0.46208EPSS
Exploits3References1
0day.today
0day.today
added 2020/06/08 12:0 a.m.165 views

WebLogic Server Deserialization Remote Code Execution Exploit

This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an...

9.8CVSS1.1AI score0.94928EPSS
Exploits11
Packet Storm
Packet Storm
added 2020/06/04 12:0 a.m.375 views

WebLogic Server Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp', 'Description' = %q There exists a Java object deserialization...

7.5CVSS0.3AI score0.94928EPSS
Exploits11
BDU FSTEC
BDU FSTEC
added 2020/06/02 12:0 a.m.6 views

The vulnerabilities of the Caching components, CacheStore, and the software platform for data processing in Oracle Coherence allow a hacker to gain full control over the application.

The vulnerability of the Caching, CacheStore, and Invocation components of the Oracle Coherence data processing software platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain full control over the application through the IIOP an...

10CVSS7.7AI score0.01961EPSS
Exploits0References2Affected Software1
Metasploit
Metasploit
added 2020/06/01 2:41 p.m.82 views

WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp

There exists a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator...

9.8CVSS8.2AI score0.94928EPSS
Exploits11
Saint
Saint
added 2020/05/27 12:0 a.m.317 views

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

7.5CVSS9.9AI score0.97116EPSS
Exploits26
Saint
Saint
added 2020/05/27 12:0 a.m.218 views

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

9.8CVSS9.8AI score0.97116EPSS
Exploits26
Saint
Saint
added 2020/05/27 12:0 a.m.176 views

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

9.8CVSS9.8AI score0.97116EPSS
Exploits26
0daydb
0daydb
added 2020/05/24 3:30 p.m.364 views

WebLogic Server CVE-2020-2555 - Remote Code Execution

his Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebLogic Server Deserialization RCE ...

7.5CVSS0.8AI score0.97116EPSS
Exploits31
GithubExploit
GithubExploit
added 2020/05/24 2:56 a.m.178 views

Exploit for CVE-2020-2551

WebLogic-CVE-2020-2551-To-Internet CVE-2020-2551: POC fo...

9.8CVSS7.8AI score0.99448EPSS
Exploits83
Exploit DB
Exploit DB
added 2020/05/22 12:0 a.m.702 views

WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebLogic Server Deserialization RCE - BadAttributeValueExpException', 'Description' = %q There exists a Java object deserialization vulnerability...

9.8CVSS9.4AI score0.97116EPSS
Exploits26
Rows per page
Query Builder