Added support for CNVD-C-2019-48814 #607

Merged
merged 7 commits into from May 8, 2019

2 participants
@sempf
Contributor

commented Apr 27, 2019

New vulnerability similar to 10271 in WebLogic, https://medium.com/@knownseczoomeye/knownsec-404-team-oracle-weblogic-deserialization-rce-vulnerability-0day-alert-90dd9a79ae93. This request discovers the endpoint, although it does not determine exploitability.

@sullo

Owner

commented Apr 29, 2019

Does this request/response actually show vulnerability or just identify that it could be vulnerable? I ask because the Medium post specifically mentions:

Scenario-1: Find and delete wls9_async_response.war, wls-wsat.war and restart the Weblogic service
Scenario-2: Controls URL access for the /_async/* and /wls-wsat/* paths by access policy control.
@sempf

Contributor Author

commented Apr 29, 2019

Right now, if you expose this endpoint you are vulnerable. There is no patch. I have not been able to find any exploitation scripts that I trust yet, and don't have the skill/cycles to write one. But most people don't even know they are exposed.
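An added example, not part of the thread or of the project's code: a defender-side audit of access logs for requests to the two paths named in the quoted mitigation that were answered instead of refused. It assumes Common Log Format input from the server or proxy in front of WebLogic, treats 401/403/404 as "refused", and uses constructed log lines with made-up sub-paths; like the test in this pull request, it shows reachability only, not exploitability.

```python
import re
from urllib.parse import unquote

# Path prefixes named in the mitigation quoted above: /_async/* and /wls-wsat/*
WATCHED = ("/_async/", "/wls-wsat/")
# Assumption: these statuses mean the access policy (or a removed .war) refused the request.
DENIED = {401, 403, 404}

# Assumed input: Common Log Format from the server or proxy in front of WebLogic.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalise(raw_path):
    """Strip the query string, percent-decode once and collapse repeated slashes."""
    path = unquote(raw_path.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/") + "/"

def exposed_hits(lines):
    """Return (host, method, raw_path, status) for watched paths that were not refused."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m is None:
            continue  # not in the assumed log format
        status = int(m["status"])
        if normalise(m["path"]).startswith(WATCHED) and status not in DENIED:
            hits.append((m["host"], m["method"], m["path"], status))
    return hits

# Constructed sample lines (documentation IP ranges, made-up sub-paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2019:10:01:02 +0000] "GET /_async/sample-endpoint HTTP/1.1" 200 1432',
    '192.0.2.10 - - [29/Apr/2019:10:01:03 +0000] "GET /wls-wsat/sample-endpoint HTTP/1.1" 403 210',
    '198.51.100.7 - - [29/Apr/2019:10:05:44 +0000] "POST //_async/%73ample-endpoint?x=1 HTTP/1.1" 202 0',
    '198.51.100.7 - - [29/Apr/2019:10:06:00 +0000] "GET /console/login HTTP/1.1" 200 3310',
    '203.0.113.5 - - [29/Apr/2019:10:07:12 +0000] "GET /_asyncfoo HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for hit in exposed_hits(SAMPLE_LOG):
        print("reachable:", *hit)
```

Any hit means the access policy from Scenario-2 is not in effect for that path on the logged listener.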

@sempf

Contributor Author

commented Apr 30, 2019

Hey, Chris, do you want me to pull out all of these WebLogic vulns and make a separate DB file? The db_tests file is getting kinda large.

@sullo sullo merged commit 4ce5282 into sullo:master May 8, 2019

@sullo

Owner

commented May 8, 2019

@sempf I'm not terribly worried about the size (right now) as the updates should come from git and just be diffs.

@sempf

Contributor Author

commented May 8, 2019

Ok, that's a good point.

Let me know how else I can help.
