Skip to content
/ oracle-vuln-crawler Public

抓取 Weblogic 等 Oracle 组件的历史漏洞信息

6 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

zema1/oracle-vuln-crawler

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
main.go
main.go
 
 
weblogic.md
weblogic.md
 
 

Repository files navigation

一个 Oracle 历史漏洞爬取工具

通过制定关键字,可以自动检索 WebLogic, Database, Management Center, Testing Suite 等历史漏洞并统计。

准备

go build .

运行

  • 检索所有历史 WebLogic 漏洞,输出到屏幕
./main --filter WebLogic
  • 检索所有历史 WebLogic 漏洞, 输出到 weblogic.md
./main --filter WebLogic --output weblogic.md
  • 检索所有历史 WebLogic 漏洞,输出到 weblogic.md,并检查对应 CVE github 是否有 repo, token 是 Github Token, 越多速度越快,同一账户的多个 token 会被视为一个。
./main --filter WebLogic --output weblogic.md --tokens token1,token2,token3
  • 抽取 Github 搜索结果不为 No 的
awk -F '|' '$9!=" No "  {print $0}' weblogic.md > weblogic2.md

Weblogic Demo

CVE-ID Product Component Protocol NeedAuth AffectedVersion Alert/Patch GithubInfo
CVE-2020-2546 Oracle WebLogic Server Application Container - JavaEE T3 false 10.3.6.0.0,12.1.3.0.0 CPU - January 2020 Yes
CVE-2020-2551 Oracle WebLogic Server WLS Core Components IIOP false 10.3.6.0.0,12.1.3.0.0,12.2.1.3.0,12.2.1.4.0 CPU - January 2020 Yes
CVE-2015-9251 Oracle WebLogic Server Sample apps (jQuery) HTTP false 12.1.3.0,12.2.1.3 CPU - January 2019 Yes
CVE-2019-2888 Oracle WebLogic Server EJB Container HTTP false 10.3.6.0.0,12.1.3.0.0,12.2.1.3.0,12.2.1.4.0 CPU - October 2019 Yes
CVE-2015-9251 Oracle WebLogic Server Web Services (jQuery) HTTP false 12.1.3.0.0,12.2.1.3.0 CPU - October 2019 Yes
CVE-2019-11358 Oracle WebLogic Server Sample apps (jQuery) HTTP false 12.1.3.0.0,12.2.1.3.0 CPU - October 2019 Yes
CVE-2019-11358 Oracle WebLogic Server Console (jQuery) HTTP false 10.3.6.0.0,12.1.3.0.0,12.2.1.3.0 CPU - October 2019 Yes
CVE-2019-2890 Oracle WebLogic Server Web Services T3 true 10.3.6.0.0,12.1.3.0.0,12.2.1.3.0 CPU - October 2019 Yes
CVE-2019-2729 Oracle WebLogic Server Web Services HTTP false 10.3.6.0.0,12.1.3.0.0,12.2.1.3.0 Alert for CVE-2019-2729 Yes
CVE-2019-2725 Oracle WebLogic Server Web Services HTTP false 10.3.6.0,12.1.3.0 Alert for CVE-2019-2725 Yes
CVE-2019-2615 Oracle WebLogic Server WLS Core Components HTTP true 10.3.6.0.0,12.1.3.0.0,12.2.1.3.0 CPU - April 2019 Yes
CVE-2019-2618 Oracle WebLogic Server WLS Core Components HTTP true 10.3.6.0.0,12.1.3.0.0,12.2.1.3.0 CPU - April 2019 Yes
CVE-2015-7501 Oracle WebLogic Server None HTTP false 10.3.6.0,12.1.3.0,12.2.1.0 CPU - October 2016 Yes
CVE-2018-3248 Oracle WebLogic Server WLS - Web Services HTTP false 10.3.6.0 CPU - October 2018 Yes
CVE-2018-3252 Oracle WebLogic Server WLS Core Components T3 false 10.3.6.0,12.1.3.0,12.2.1.3 CPU - October 2018 Yes
CVE-2018-3245 Oracle WebLogic Server WLS Core Components T3 false 10.3.6.0,12.1.3.0,12.2.1.3 CPU - October 2018 Yes
CVE-2018-3191 Oracle WebLogic Server WLS Core Components T3 false 10.3.6.0,12.1.3.0,12.2.1.3 CPU - October 2018 Yes
CVE-2017-7525 Oracle WebLogic Server Sample apps (jackson-databind) HTTP false 10.3.6.0,12.1.3.0,12.2.1.2,12.2.1.3 CPU - April 2018 Yes
CVE-2015-7501 Oracle WebLogic Portal - (Apache Commons Collections) HTTP true 10.3.6.0.0 CPU - April 2018 Yes
CVE-2018-2628 Oracle WebLogic Server WLS Core Components T3 false 10.3.6.0,12.1.3.0,12.2.1.2,12.2.1.3 CPU - April 2018 Yes
CVE-2017-5645 Oracle WebLogic Server WL Diagnostics Framework (Apache Log4j) HTTP false 10.3.6.0,12.1.3.0,12.2.1.2,12.2.1.3 CPU - April 2018 Yes
CVE-2018-2893 Oracle WebLogic Server WLS Core Components T3 false 10.3.6.0,12.1.3.0,12.2.1.2,12.2.1.3 CPU - July 2018 Yes
CVE-2018-2894 Oracle WebLogic Server WLS - Web Services HTTP false 12.1.3.0,12.2.1.2,12.2.1.3 CPU - July 2018 Yes
CVE-2018-7489 Oracle WebLogic Server Console (jackson-databind) HTTP false 12.2.1.2,12.2.1.3 CPU - July 2018 Yes
CVE-2017-5645 Oracle WebLogic Server Sample apps (Apache Log4j) TCP/UDP false 10.3.6.0.0,12.1.3.0.0,12.2.1.2.0,12.2.1.3.0 CPU - January 2018 Yes
CVE-2017-10352 Oracle WebLogic Server WLS - Web Services HTTP false 12.2.1.3.0 CPU - January 2018 Yes
CVE-2017-10148 Oracle WebLogic Server Core Components T3 false 10.3.6.0,12.1.3.0,12.2.1.1,12.2.1.2 CPU - July 2017 Yes
CVE-2017-10147 Oracle WebLogic Server Core Components T3 false 10.3.6.0,12.1.3.0,12.2.1.1,12.2.1.2 CPU - July 2017 Yes
CVE-2017-5638 Oracle WebLogic Server Sample apps (Struts 2) HTTP false 10.3.6.0,12.1.3.0,12.2.1.1,12.2.1.2 CPU - July 2017 Yes
CVE-2017-10271 Oracle WebLogic Server WLS Security T3 false 10.3.6.0.0,12.1.3.0.0,12.2.1.1.0,12.2.1.2.0 CPU - October 2017 Yes
CVE-2017-10352 Oracle WebLogic Server WLS-WebServices HTTP false 10.3.6.0.0,12.1.3.0.0,12.2.1.1.0,12.2.1.2.0,12.2.1.3.0 CPU - October 2017 Yes
CVE-2017-3506 Oracle WebLogic Server Web Services HTTP false 10.3.6.0,12.1.3.0,12.2.1.0,12.2.1.1,12.2.1.2 CPU - April 2017 Yes
CVE-2017-5638 Oracle WebLogic Server Samples (Struts 2) HTTP false 10.3.6.0,12.1.3.0,12.2.1.0,12.2.1.1,12.2.1.2 CPU - April 2017 Yes
CVE-2017-3248 Oracle WebLogic Server Core Components T3 false 10.3.6.0,12.1.3.0,12.2.1.0,12.2.1.1 CPU - January 2017 Yes
CVE-2016-0638 Oracle WebLogic Server Java Messaging Service JMS false 10.3.6,12.1.2,12.1.3,12.2.1 CPU - April 2016 Yes
CVE-2016-3510 Oracle WebLogic Server WLS Core Components HTTP false 10.3.6.0,12.1.3.0,12.2.1.0 CPU - July 2016 Yes
CVE-2013-2186 Oracle WebLogic Portal HTTP Core Services false 10.3.6 CPU - January 2016 Yes
CVE-2015-4852 Oracle WebLogic Server T3 WLS Security false 10.3.6.0,12.1.2.0,12.1.3.0,12.2.1.0 Alert for CVE-2015-4852 Yes
CVE-2013-2186 Oracle WebLogic Server HTTP WLS Config, WLS Console false 10.3.6.0,12.1.1.0,12.1.2.0,12.1.3.0 CPU - January 2015 Yes
CVE-2014-0114 Oracle WebLogic Portal HTTP Third Party Tools false 10.0.1.0,10.2.1.0,10.3.6.0 CPU - January 2015 Yes

About

抓取 Weblogic 等 Oracle 组件的历史漏洞信息

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages