
Exploit for Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution (CVE-2020-14883)

Description:

The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 contains an easily exploitable vulnerability that allows a high-privileged attacker with network access via HTTP to compromise Oracle WebLogic Server.

Nuclei Template

View the template here: CVE-2020-14883.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-14883.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-14883
https://www.oracle.com/security-alerts/cpuoct2020.html
https://github.com/1n7erface/PocList
http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
https://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883