CVE-2020-14882
Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Severity: CRITICAL
CVE ID: CVE-2020-14882
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2020-14882
Reference: Project Discovery GitHub
zhzyker
Exphub [exploit script library]: includes exploit scripts for WebLogic, Struts2, Tomcat, Nexus, Solr, JBoss and Drupal; most recently added CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
Reference: GitHub
jas502n
CVE-2020-14882, CVE-2020-14883
Reference: GitHub
s1kr10s
CVE-2020-14882 by Jang
Reference: GitHub
XTeam-Wing
CVE-2020-14882 Weblogic-Exp
Reference: GitHub
0thm4n3
Bash script to exploit Oracle's WebLogic Unauthenticated Remote Command Execution - CVE-2020-14882
Reference: GitHub
wsfengfan
CVE-2020-14882 EXP with echoed output
Reference: GitHub
alexfrancow
Reference: GitHub
GGyao
CVE-2020-14882 batch verification tool.
Reference: GitHub
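ludy-dev
(CVE-2020-14882) Oracle Weblogic Unauthorized bypass RCE test script
Reference: GitHub
GGyao
CVE-2020-14882_ALL comprehensive exploitation tool; supports command-echo detection, batch command echo, no-echo command execution via an external XML file, and other functions.
Reference: GitHub
ovProphet
CVE-2020-14882 detection script
Reference: GitHub
NS-Sp4ce
CVE-2020-14882/14883/14750
Reference: GitHub
mmioimm
Reference: GitHub
QmF0c3UK
Reference: GitHub
murataydemir
[CVE-2020-14882] Oracle WebLogic Server Authentication Bypass
Reference: GitHub
Ormicron
Qt-based graphical echo-testing tool for the CVE-2020-14882 vulnerability.
Reference: GitHub
corelight
Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750
Reference: GitHub
xfiftyone
Reference: GitHub
BabyTeam1024
Reference: GitHub
adm1in
CodeTest information-gathering and exploitation tool. During a penetration test it makes it convenient to use the relevant information-gathering scripts to obtain and verify information; in the exploitation module you can select the vulnerability modules to test, or test with all modules, including CVE-2020-14882, CVE-2020-2555 and others; you can collect your own scripts and adapt them to the template.
Reference: GitHub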
pwn3z
Reference: GitHub
milo2012
CVE-2020-14882
Reference: GitHub
kk98kk0
CVE-2020-14882: deploying a Behinder (冰蝎) in-memory webshell
Reference: GitHub
exploitblizzard
Check YouTube - https://youtu.be/O0ZnLXRY5Wo
Reference: GitHub
qianniaoge
Reference: GitHub
N0Coriander
Combined with the unauthorized-access vulnerability 14882, 14883 allows remote execution of arbitrary code
Reference: GitHub
Manor99
Reference: GitHub
Serendipity-Lucky
Comprehensive exploitation tool
Reference: GitHub
nik0nz7
Reference: GitHub
Danny-LLi
This script allows for remote code execution (RCE) on Oracle WebLogic Server
Reference: GitHub
LucasPDiniz
Takeover of Oracle WebLogic Server
Reference: GitHub
xMr110
Reference: GitHub
Content on GitHub
0xn0ne | watchers:1930
weblogicScanner
WebLogic vulnerability scanner. Currently able to detect the following vulnerabilities: CVE-2014-4210, CVE-2016-0638, CVE-2016-3510, CVE-2017-3248, CVE-2017-3506, CVE-2017-10271, CVE-2018-2628, CVE-2018-2893, CVE-2018-2894, CVE-2018-3191, CVE-2018-3245, CVE-2018-3252, CVE-2019-2618, CVE-2019-2725, CVE-2019-2729, CVE-2019-2890, CVE-2020-2551, CVE-2020-14750, CVE-2020-14882, CVE-2020-14883
Reference: GitHub
pprietosanchez | watchers:47
CVE-2020-14750
PoC for the vulnerabilities CVE-2020-14750 and CVE-2020-14882
Reference: GitHub
1n7erface | watchers:1081
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
Reference: GitHub
murataydemir | watchers:14
CVE-2020-14883
[CVE-2020-14882] Oracle WebLogic Server Authenticated Remote Code Execution (RCE)
Reference: GitHub
zhzyker | watchers:3278
vulmap
Vulmap is a web vulnerability scanning and verification tool; it can scan webapps for vulnerabilities and has vulnerability verification capability
Reference: GitHub