Oracle WebLogic Server, Remote Code Execution, CVE-2020-14882 (Critical)

Listen to this Post

The CVE-2020-14882 vulnerability is an authorization bypass in the Oracle WebLogic Server console component. The flaw exists due to improper input validation within the console’s URL handling mechanism. A remote, unauthenticated attacker can exploit this by sending a specially crafted HTTP GET request to the vulnerable server. This request manipulates the URL path to bypass authentication and access control checks for specific, restricted console endpoints. By chaining this with a separate vulnerability, CVE-2020-14883, which allows for code execution on accessed pages, an attacker can achieve complete remote code execution. The exploit grants the attacker the same privileges as the WebLogic server process, typically high-level system access, enabling them to deploy malicious payloads, exfiltrate data, or gain full control over the host system.
Platform: Oracle WebLogic Server
Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Vulnerability : Auth Bypass

Severity: Critical

date: 10/20/2020

Prediction: 01/19/2021

What Undercode Say:

`curl -v http://target:7001/console/images/%252E%252E%252Fconsole.portal`

`nmap -p7001 –script weblogic-cve-2020-14882 `

How Exploit:

Crafted HTTP Request

Unauthenticated Access

RCE via CVE-2020-14883

Protection from this CVE:

Apply CPU Oct 2020

Block /console Path

Network Segmentation

Impact:

Remote Code Execution

Full System Compromise

Data Theft

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top