Oracle Weblogic - Remote Code Execution (CVE-2018-2894)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
Oracle Weblogic is affected by a Remote Code Execution vulnerability. The vulnerability affects the WLS subcomponent because the path /ws_utc/config.do is reachable without authentication, meaning that the Weblogic server is in development mode. The attacker can set a new Work Home Directory, which needs to be writable, and then upload JKS Keystores, which are Java Server Pages (JSP) files. By uploading a webshell as a JKS, the attacker can achieve Remote Code Execution on the server.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade Oracle Weblogic to the latest version.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Jul 2018
- Published at
- Updated at
- Software Type
- Web server
- Vendor
- Oracle
- Product
- Weblogic
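
A defender-side check for the exposure described above, as an added example that is not part of the original advisory: it scans access-log lines for anonymous, successful responses from /ws_utc/config.do. The combined log format, the meaning of the user field ("-" for no authenticated user) and the sample lines are assumptions; adapt them to your own WebLogic or reverse-proxy logs.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path named in the advisory; it should not answer unauthenticated requests.
WS_UTC_PATH = "/ws_utc/config.do"

# Common/combined access-log format (assumed, not WebLogic-specific).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)

def find_ws_utc_access(lines):
    """Return {client_ip: [(timestamp, method, status, exposed), ...]} for WS_UTC_PATH hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line, skip rather than guess
        # Compare the path only: drop query string and path parameters,
        # decode percent-encoding and collapse duplicate slashes.
        path = m["target"].split("?", 1)[0].split(";", 1)[0]
        path = re.sub(r"/{2,}", "/", unquote(path))
        if path != WS_UTC_PATH:
            continue
        status = int(m["status"])
        # 2xx with no authenticated user means the page was served anonymously.
        exposed = 200 <= status < 300 and m["user"] == "-"
        hits[m["ip"]].append((m["ts"], m["method"], status, exposed))
    return dict(hits)

def exposed_clients(hits):
    """Client IPs that received an anonymous 2xx response from the config page."""
    return sorted(ip for ip, events in hits.items() if any(e[3] for e in events))

# Constructed sample log lines (documentation-range IPs), not from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jul/2018:10:02:11 +0000] "GET /ws_utc/config.do HTTP/1.1" 200 4312',
    '203.0.113.7 - - [18/Jul/2018:10:02:15 +0000] "GET /index.html HTTP/1.1" 200 3120',
    '198.51.100.23 - - [18/Jul/2018:11:40:02 +0000] "GET //ws_utc/config.do;x=1?a=b HTTP/1.1" 404 1164',
    '192.0.2.10 - admin [18/Jul/2018:12:00:00 +0000] "GET /ws_utc/config.do HTTP/1.1" 200 4312',
    'not an access log line',
]

if __name__ == "__main__":
    print(exposed_clients(find_ws_utc_access(SAMPLE_LOG)))
```

Any address it reports was served the configuration page without authentication, which is the precondition the description names; a 404 or an authenticated hit is recorded but not flagged.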