Oracle WebLogic Server, Remote Code Execution, CVE-2020-14882 (Critical)

Listen to this Post

The CVE-2020-14882 vulnerability is an authorization bypass in the Oracle WebLogic Server console component. The flaw exists due to improper input validation within the console’s HTTP request handling. A remote, unauthenticated attacker can exploit this by sending a specially crafted HTTP GET request to the vulnerable server. The malicious URL path traverses the console’s access control mechanisms, bypassing authentication and authorization checks. This allows the attacker to directly access and interact with administrative endpoints, specifically the console.portal endpoint, which are normally protected. By appending specific parameters to this request, the attacker can then leverage additional components, such as the Java Database Connectivity (JDBC) data source, to achieve remote code execution. This results in the attacker gaining complete control over the affected WebLogic Server instance with the privileges of the underlying operating system user account running the WebLogic service.
Platform: Oracle WebLogic Server
Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Vulnerability : Authorization Bypass

Severity: Critical

date: 2020-10-20

Prediction: 2020-10-20

What Undercode Say:

curl -H “Host: $TARGET” “http://$TARGET:7001/console/css/%252e%252e%252fconsole.portal”

nmap -p7001 –script weblogic-cve-2020-14882

How Exploit:

Crafted HTTP Request

Unauthenticated Access

Remote Code Execution

Protection from this CVE:

Apply October 2020 CPU

Network Segmentation

WAF Virtual Patching

Impact:

Complete System Compromise

Unauthorized Data Access

Service Disruption

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top