.. / CVE-2019-2729

Exploit for Oracle WebLogic Server Administration Console - Remote Code Execution (CVE-2019-2729)

Description:

The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.

Nuclei Template

View the template here CVE-2019-2729.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-2729.yaml

References:

http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/alert-cve-2019-2729.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://nvd.nist.gov/vuln/detail/CVE-2019-2729
http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html

.. / CVE-2019-2729 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Oracle WebLogic Server Administration Console - Remote Code Execution (CVE-2019-2729)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-2729