Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update CVE reference and datastore options for WebLogic exploit #11861

Merged
merged 4 commits into from May 22, 2019

Conversation

Projects
None yet
3 participants
@wchen-r7
Copy link
Contributor

commented May 20, 2019

This updates the weblogic_deserialize_asyncresponseservice exploit for the following:

  • CVE reference: Instead of CVE-2019-2725, it should be CVE-2017-10271.
  • Registering the right datastore option with the standard TARGET_URI. Please note: for NAT scenarios, you can use the VHOST option, which is always built-in.
@wvu-r7
Copy link
Contributor

left a comment

Code looks good.

@wvu-r7

wvu-r7 approved these changes May 22, 2019

@wvu-r7 wvu-r7 self-assigned this May 22, 2019

@wvu-r7 wvu-r7 merged commit ff0ad88 into rapid7:master May 22, 2019

wvu-r7 added a commit that referenced this pull request May 22, 2019

@wvu-r7

This comment has been minimized.

Copy link
Contributor

commented May 22, 2019

Release Notes

This updates exploit/multi/misc/weblogic_deserialize_asyncresponseservice to reference the correct CVE and consolidates on the TARGETURI option.

msjenkins-r7 added a commit that referenced this pull request May 22, 2019

@gdavidson-r7 gdavidson-r7 added the rn-fix label May 29, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.