Lucene search
K

5 matches found

F5 Networks
F5 Networks
added 2023/02/21 8:1 p.m.114 views

K67404630: Oracle WebLogic Server vulnerabilities CVE-2018-2894 and CVE-2018-2935

Security Advisory Description CVE-2018-2894 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticat...

9.8CVSS9AI score0.50224EPSS
Exploits7
Gitee
Gitee
added 2020/10/05 3:45 p.m.6 views

Exploit for CVE-2018-2894

Weblogic任意文件上传漏洞(CVE-2018-2894) 最近大家都在说这个漏洞,大家都注意到config.do这里发生了问题,但是其实根据 https://mp.weixin.qq.com/s/y5JGmM-aNaHcs6P9a-gRQ 这里的信息,begin.do也是有问题。少扯淡,下面给出具体利用方法: 问题就出现下下面这个页面。 上传时候,修改name的值就可以了 避免大家麻烦,给出来: /../../../../../../wlserver/server/lib/consoleapp/webapp/framework/skins/wlsconsole/images/ 然后...

9.8CVSS9.6AI score0.50224EPSS
Exploits7
Circl
Circl
added 2018/12/11 3:50 p.m.87 views

CVE-2018-2894

creationtimestamp| type| source ---|---|--- 2018-12-11 15:50:28+00:00| seen| MISP/5c0fd6cc-f868-4dca-890c-1ea30a021402 2019-02-06 01:53:29+00:00| seen| MISP/5c5a3d7b-ba70-474a-bd8a-1b5a0a021402 2020-05-12 13:27:31+00:00| seen| https://t.me/Ninjutsuos/134 2020-05-12 13:27:34+00:00| seen|...

9.8CVSS7.2AI score0.50224EPSS
In wildExploits7References5
Check Point Advisories
Check Point Advisories
added 2018/07/24 12:0 a.m.19 views

Oracle WebLogic WLS Server Component Arbitrary File Upload (CVE-2018-2894)

An arbitrary file upload vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to input validation of a keystore file. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the remote service. Successful exploitation cou...

7.5CVSS9.3AI score0.50224EPSS
Exploits7
CVE
CVE
added 2018/07/18 1:0 p.m.368 views

CVE-2018-2894

CVE-2018-2894 affects Oracle WebLogic Server (WLS - Web Services) in Oracle Fusion Middleware; vulnerable versions include 12.1.3.0, 12.2.1.2 and 12.2.1.3. The flaw enables unauthenticated, network-based attackers to execute code on the server via HTTP, potentially taking over the WebLogic Server...

9.8CVSS9.1AI score0.50224EPSS
In wildExploits7References3Affected Software1
Rows per page
Query Builder