WebLogic T3 protocol analysis

Vulnerability introduction: There are roughly two types of WebLogic deserialization vulnerabilities: those based on the T3 protocol and those based on XML. Vulnerabilities based on the T3 protocol include CVE-2015-4582, CVE-2016-0638, CVE-2016-3510, CVE-2018-2628, CVE-2020-2555 and CVE-2020-2883. Among them, CVE-2020-2883 is a bypass of the CVE-2020-2555 patch, but it is actually similar. Debugging environment […]

WebLogic CVE-2023-21839 vulnerability reproduction

WebLogic has a remote code execution vulnerability (CVE-2023-21839/CNVD-2023-04389). Due to a flaw in the WebLogic IIOP/T3 protocol, when the IIOP/T3 protocol is enabled, an unauthenticated attacker with network access over IIOP/T3 can attack WebLogic Server, which poses a security risk to it. If the vulnerability is successfully exploited, WebLogic Server may be taken over […]

Middleware security - CVE reproduction & WebLogic & Jenkins & GlassFish vulnerability reproduction

Directory: Service Attack and Defense - Middleware Security & CVE Reproduction & WebLogic & Jenkins & GlassFish Vulnerability Reproduction; Middleware - WebLogic security issues; Vulnerability reproduction; CVE_2017_3506 vulnerability reproduction; Middleware - JBoss security issues; Vulnerability reproduction; CVE-2017-12149 vulnerability reproduction; CVE-2017-7504 vulnerability reproduction; Middleware - Jenkins security issues; Vulnerability reproduction; CVE-2017-1000353 vulnerability reproduction; CVE-2018-1000861 vulnerability reproduction; Middleware - GlassFish security issues; Vulnerability reproduction; CVE-2017-1000028 vulnerability reproduction. Service Attack and Defense - Middleware […]

WebLogic middleware vulnerability collection

1. Deserialization; 2. Arbitrary file upload; 3. Deploy war package in the background. 1. WebLogic XMLDecoder deserialization vulnerability (CVE-2017-10271). 1. Vulnerability description: WebLogic's WLS Security component exposes web services externally and uses XMLDecoder to parse the XML data passed in by the user. During the parsing process, a deserialization vulnerability occurs, allowing arbitrary commands […]

WebLogic background deployment of a WAR package

1. What is WebLogic: WebLogic is an application server produced by Oracle Corporation of the United States. To be precise, it is middleware based on the Java EE architecture. WebLogic is a Java application server used to develop, integrate, deploy and manage large-scale distributed Web applications, network applications and database applications. Introduce the dynamic capabilities […]

WebLogic deserialization vulnerability (CVE-2019-2890) reproduction

1. Vulnerability introduction: On October 15, 2019, Oracle officially released its October 2019 security update announcement, which contains a high-risk vulnerability that can cause remote arbitrary code execution (RCE). The vulnerability number is CVE-2019-2890. When WebLogic uses the T3 protocol to make remote resource loading calls, it performs blacklist filtering by default to ensure […]

WebLogic Unauthorized Remote Code Execution Vulnerability (CVE-2023-21839)

Foreword: WebLogic allows remote users to perform JNDI lookup operations through IIOP/T3 without authorization. When the JDK version is too low or javaSerializedData exists locally, this may lead to RCE vulnerabilities. 0x00 Environment Settings: In this experiment, we used P God's vulhub. Start the environment: cd /vulhub-master/weblogic/CVE-2023-21839, then docker compose up -d. After the startup is complete, […]

[WebLogic] Solution to JVM crash caused by WebLogic 2023 third quarter update

Affected versions: Oracle WebLogic 12c (12.2.1.4.0), Oracle WebLogic 14c (14.1.1.0.0). Problem description: The latest version of OPatch (13.9.4.2.13), officially released by Oracle in July 2023, has a new bug that causes the following GDR-70005 error when installing a WebLogic PSU: Caused by: com.oracle.cie.gdr.utils.LocalizedGdrException: GDR-70005: Failed to apply inventory patching to home. GDR-70005: A failure occurred […]

WebLogic vulnerability reproduction

0x01: WebLogic environment setup. Installation package: if you need a different version, you can download it directly from the official website https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html. Double-click to open. Click Next. Set the account password, Oracle@123. Go to the directory and double-click. Enter the account password. Then access port 7001. Successfully built. 0x02: WebLogic XMLDecoder Deserialization Vulnerability (CVE-2017-10271). 1. Vulnerability Principle […]