CVE-2020-2555 - Deserialization of Untrusted Data vulnerability in Oracle products
Summary
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. The flaw is easily exploitable: an unauthenticated attacker with network access to the T3 protocol (the RMI transport WebLogic Server exposes on its listen port, through which the bundled Coherence classes are reachable) can send a crafted serialized object and take over Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Fixed in the Oracle Critical Patch Update of January 2020.
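A first triage step a practitioner would want, as an added example that is not Oracle's, Rapid7's or Exploit-DB's code: check whether a host exposes the plain T3 listener the summary names and read the WebLogic version from its HELO banner. The handshake bytes and the HELO reply format are the ones WebLogic speaks on its listen port; the sample reply, the affected-version matching and the helper names (parse_t3_helo, is_listed_affected, assess, probe_t3) are this example's own assumptions. A version match only says the host is in Oracle's affected list; it does not tell you whether the January 2020 Critical Patch Update has been applied.

```python
"""Probe for an exposed WebLogic T3 listener and parse its HELO banner.

Added example for this page; it is not Oracle's, Rapid7's or Exploit-DB's
code. The client handshake and the HELO reply format are the ones WebLogic
speaks on its listen port. SAMPLE_REPLY below is constructed, not captured.
"""
import socket

# Client side of the T3 handshake: protocol version line, then header fields.
T3_HANDSHAKE = b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"

# Versions the CVE-2020-2555 summary lists as affected. The banner reports the
# WebLogic Server version; Coherence bundled with WebLogic 12.x carries the same
# version number, so a match means "check that the January 2020 CPU is applied".
# A stand-alone Coherence 3.7.1 cluster has no T3 banner and is not covered here.
AFFECTED_VERSIONS = ("3.7.1.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0")


def _norm(version: str) -> tuple:
    """'12.1.3.0.0' and '12.1.3.0' both become ('12', '1', '3') for comparison."""
    parts = version.split(".")
    while len(parts) > 1 and parts[-1] == "0":
        parts.pop()
    return tuple(parts)


def parse_t3_helo(reply: bytes):
    """Parse 'HELO:<version>.<true|false>\\n<K>:<V>\\n...' into a dict, or None."""
    text = reply.decode("ascii", errors="replace")
    if not text.startswith("HELO:"):
        return None  # not a plain T3 listener (HTTP, t3s/TLS, or filtered)
    lines = text.split("\n")
    version, _, secure = lines[0][len("HELO:"):].rpartition(".")
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value
    return {"version": version, "secure": secure == "true", "fields": fields}


def is_listed_affected(version: str) -> bool:
    """True when the banner version matches one of Oracle's affected versions."""
    return any(_norm(version) == _norm(v) for v in AFFECTED_VERSIONS)


def assess(parsed) -> str:
    """Turn a parsed banner into a finding; a match is a prompt to verify patch level."""
    if parsed is None:
        return "no T3 HELO: port is not a plain T3 listener or is filtered"
    if is_listed_affected(parsed["version"]):
        return ("T3 exposed, WebLogic %s is in the CVE-2020-2555 affected list: "
                "confirm the January 2020 CPU (or later) is installed" % parsed["version"])
    return "T3 exposed, WebLogic %s is not in the affected list" % parsed["version"]


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0):
    """Send the handshake to a live host and return the parsed HELO, or None."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(T3_HANDSHAKE)
        reply = sock.recv(1024)
    return parse_t3_helo(reply)


# Constructed sample reply in the shape a WebLogic 12.2.1.4.0 listener returns.
SAMPLE_REPLY = b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\n\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python t3probe.py <host> [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 7001
        result = probe_t3(sys.argv[1], port)
    else:
        result = parse_t3_helo(SAMPLE_REPLY)
    print(result)
    print(assess(result))
```

Run it with a host and optional port to probe a live listener; with no arguments it parses the constructed sample. A t3s (TLS) listener will not answer the plaintext handshake, so a None result by itself does not prove T3 is unreachable; check the server's listen-port and connection-filter configuration as well.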
Exploit-Db
id | EDB-ID:48320 |
title | Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution |
reporter | Exploit-DB |
published | 2020-04-14 |
modified | 2020-04-14 |
last seen | 2020-04-14 |
source | https://www.exploit-db.com/download/48320 |

id | EDB-ID:48508 |
title | WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit) |
reporter | Exploit-DB |
published | 2020-05-22 |
modified | 2020-05-22 |
last seen | 2020-05-22 |
source | https://www.exploit-db.com/download/48508 |
Metasploit
description | There exists a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers. |
id | MSF:EXPLOIT/MULTI/MISC/WEBLOGIC_DESERIALIZE_BADATTRVAL |
last seen | 2020-06-14 |
modified | 2020-05-19 |
published | 2020-05-04 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb |
title | WebLogic Server Deserialization RCE - BadAttributeValueExpException |
Packetstorm
id | PACKETSTORM:157207 |
title | Oracle WebLogic Server 12.2.1.4.0 Remote Code Execution |
reporter | nu11secur1ty |
published | 2020-04-14 |
last seen | 2020-04-20 |
source | https://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html |
data source | https://packetstormsecurity.com/files/download/157207/oraclewls122140-exec.txt |

id | PACKETSTORM:157054 |
title | Oracle Coherence Fusion Middleware Remote Code Execution |
reporter | nu11secur1ty |
published | 2020-04-02 |
last seen | 2020-04-03 |
source | https://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html |
data source | https://packetstormsecurity.com/files/download/157054/oraclecoherencefusion-exec.txt |

id | PACKETSTORM:157795 |
title | WebLogic Server Deserialization Remote Code Execution |
reporter | Shelby Pace |
published | 2020-05-21 |
last seen | 2020-05-22 |
source | https://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html |
data source | https://packetstormsecurity.com/files/download/157795/weblogic_deserialize_badattrval.rb.txt |
Saint
description | Oracle WebLogic Server BadAttributeValueExpException deserialization |
id | web_dev_weblogic |
title | weblogic_badattributevalueexp_deserialization |
type | remote |
References
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html