Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2018-2893

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

POC

Reference

- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Github

- https://github.com/0xT11/CVE-POC

- https://github.com/0xn0ne/weblogicScanner

- https://github.com/1o24er/RedTeam

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/20142995/sectool

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet

- https://github.com/Al1ex/Red-Team

- https://github.com/Apri1y/Red-Team-links

- https://github.com/BrittanyKuhn/javascript-tutorial

- https://github.com/Bywalks/WeblogicScan

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Draven996/CVE-2018-2893

- https://github.com/Echocipher/Resource-list

- https://github.com/GhostTroops/TOP

- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

- https://github.com/Harmoc/CTFTools

- https://github.com/Hatcat123/my_stars

- https://github.com/JERRY123S/all-poc

- https://github.com/JasonLOU/WeblogicScan-master

- https://github.com/KimJun1010/WeblogicTool

- https://github.com/MacAsure/WL_Scan_GO

- https://github.com/Micr067/CMS-Hunter

- https://github.com/MrSyst1m/weblogic

- https://github.com/Ondrik8/RED-Team

- https://github.com/PalindromeLabs/Java-Deserialization-CVEs

- https://github.com/ParrotSec-CN/ParrotSecCN_Community_QQbot

- https://github.com/QChiLan/weblogic

- https://github.com/QChiLan/weblogicscanner

- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories

- https://github.com/SecWiki/CMS-Hunter

- https://github.com/SexyBeast233/SecBooks

- https://github.com/ShyTangerine/WL_Scan_GO

- https://github.com/Weik1/Artillery

- https://github.com/ZTK-009/RedTeamer

- https://github.com/aiici/weblogicAllinone

- https://github.com/angeloqmartin/Vulnerability-Assessment

- https://github.com/artofwar344/CVE-2018-2893

- https://github.com/awake1t/Awesome-hacking-tools

- https://github.com/awsassets/weblogic_exploit

- https://github.com/bigsizeme/CVE-2018-2893

- https://github.com/cross2to/betaseclab_tools

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/djytmdj/Tool_Summary

- https://github.com/dk47os3r/hongduiziliao

- https://github.com/dr0op/WeblogicScan

- https://github.com/drizzle888/CTFTools

- https://github.com/fengjixuchui/RedTeamer

- https://github.com/followboy1999/weblogic-deserialization

- https://github.com/forhub2021/weblogicScanner

- https://github.com/hanc00l/some_pocsuite

- https://github.com/hanc00l/weblogic_unserialize_exploit

- https://github.com/hasee2018/Safety-net-information

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/hktalent/TOP

- https://github.com/hmoytx/weblogicscan

- https://github.com/huan-cdm/secure_tools_link

- https://github.com/hudunkey/Red-Team-links

- https://github.com/ianxtianxt/CVE-2018-2893

- https://github.com/ianxtianxt/CVE-2018-3245

- https://github.com/iceberg-N/WL_Scan_GO

- https://github.com/jas502n/CVE-2018-2893

- https://github.com/jas502n/CVE-2018-3245

- https://github.com/jbmihoub/all-poc

- https://github.com/john-80/-007

- https://github.com/koutto/jok3r-pocs

- https://github.com/landscape2024/RedTeam

- https://github.com/lanmaovp-dev/shexiangshi-cm-YVJsF2HuAHndPiLB

- https://github.com/lnick2023/nicenice

- https://github.com/lp008/Hack-readme

- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet

- https://github.com/nihaohello/N-MiddlewareScan

- https://github.com/nobiusmallyu/kehai

- https://github.com/oneplus-x/jok3r

- https://github.com/onewinner/VulToolsKit

- https://github.com/password520/RedTeamer

- https://github.com/pyn3rd/CVE-2018-2893

- https://github.com/pyn3rd/CVE-2018-3245

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/qi4L/WeblogicScan-go

- https://github.com/qi4L/WeblogicScan.go

- https://github.com/qianl0ng/CVE-2018-2893

- https://github.com/rabbitmask/WeblogicScan

- https://github.com/rabbitmask/WeblogicScanLot

- https://github.com/rabbitmask/WeblogicScanServer

- https://github.com/ryanInf/CVE-2018-2893

- https://github.com/safe6Sec/WeblogicVuln

- https://github.com/shengqi158/CVE-2018-2628

- https://github.com/slimdaddy/RedTeam

- https://github.com/soosmile/cms-V

- https://github.com/sp4zcmd/WeblogicExploit-GUI

- https://github.com/sry309/CVE-2018-2893

- https://github.com/svbjdbk123/-

- https://github.com/syadg123/WeblogicScan

- https://github.com/theguly/stars

- https://github.com/todo1024/1657

- https://github.com/tomoyamachi/gocarts

- https://github.com/trganda/starrlist

- https://github.com/twensoo/PersistentThreat

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whoadmin/pocs

- https://github.com/wr0x00/Lizard

- https://github.com/wr0x00/Lsploit

- https://github.com/wukong-bin/weblogiscan

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xiaoZ-hc/redtool

- https://github.com/yige666/CMS-Hunter

- https://github.com/yut0u/RedTeam-BlackBox

- https://github.com/zema1/oracle-vuln-crawler

- https://github.com/zzwlpx/weblogic