5 matches found
K67404630: Oracle WebLogic Server vulnerabilities CVE-2018-2894 and CVE-2018-2935
Security Advisory Description CVE-2018-2894 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticat...
Exploit for CVE-2018-2894
Weblogic任意文件上传漏洞(CVE-2018-2894) 最近大家都在说这个漏洞,大家都注意到config.do这里发生了问题,但是其实根据 https://mp.weixin.qq.com/s/y5JGmM-aNaHcs6P9a-gRQ 这里的信息,begin.do也是有问题。少扯淡,下面给出具体利用方法: 问题就出现下下面这个页面。 上传时候,修改name的值就可以了 避免大家麻烦,给出来: /../../../../../../wlserver/server/lib/consoleapp/webapp/framework/skins/wlsconsole/images/ 然后...
CVE-2018-2894
creationtimestamp| type| source ---|---|--- 2018-12-11 15:50:28+00:00| seen| MISP/5c0fd6cc-f868-4dca-890c-1ea30a021402 2019-02-06 01:53:29+00:00| seen| MISP/5c5a3d7b-ba70-474a-bd8a-1b5a0a021402 2020-05-12 13:27:31+00:00| seen| https://t.me/Ninjutsuos/134 2020-05-12 13:27:34+00:00| seen|...
Oracle WebLogic WLS Server Component Arbitrary File Upload (CVE-2018-2894)
An arbitrary file upload vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to input validation of a keystore file. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the remote service. Successful exploitation cou...
CVE-2018-2894
CVE-2018-2894 affects Oracle WebLogic Server (WLS - Web Services) in Oracle Fusion Middleware; vulnerable versions include 12.1.3.0, 12.2.1.2 and 12.2.1.3. The flaw enables unauthenticated, network-based attackers to execute code on the server via HTTP, potentially taking over the WebLogic Server...