admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2020-2555

Browse Source
This commit is contained in:
tardc 2020-04-22 14:38:38 +08:00
parent 42f538edbf
commit cdd2f87416
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
WebLogic/CVE-2020-2555/CVE-2020-2555.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 913 KiB

11
WebLogic/CVE-2020-2555/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2020-2555 WebLogic ReflectionExtractor Remote Code Execution Vulnerability
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence.
**Affected version**: Oracle Coherence 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJCRUEtV2ViTG9naWMtU2VydmVyIg%3D%3D) query rule**: app="BEA-WebLogic-Server"
# Demo
![](CVE-2020-2555.gif)