Strike ID: E19-0sq21
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
False Positive: t
Variants: 3
Year: 2019

Description

This strike simulates an arbitrary file upload attack on Oracle WebLogic. The vulnerability results from a lack of sanitization of the wl upload application name header. Successful exploitation requires valid credentials and leads to arbitrary file upload and remote code execution.
