header-logo
Suggest Exploit
vendor:
WebLogic Server
by:
Unknown
7.5
CVSS
HIGH
Remote Code Execution
Unknown
CWE
Product Name: WebLogic Server
Affected Version From: 7.0 SP7
Affected Version To: 10.3.2003
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Remote Vulnerability in Oracle WebLogic Server

This vulnerability in Oracle WebLogic Server can be exploited over the HTTP protocol. The attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges for the exploit to succeed. By sending specially crafted requests, an attacker can execute arbitrary code on the affected server.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41620/info

Oracle WebLogic Server is prone to a remote vulnerability.

The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have 'Plugins for Apache, Sun and IIS web servers' privileges.

This vulnerability affects the following supported versions:
7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, 10.3.3 

The following example requests are available:

GET /logo.gif%20HTTP/1.1%0d%0aX-hdr:%20x HTTP/1.1
Host: vulnerable.example.com
Connection: close

GET /logo.gif%20HTTP/1.1%0d%0aHost:%20vulnerable.example.com%0d%0a%0d%0aGET%20/inject.gif HTTP/1.1
Host: vulnerable.example.com