CVE-2018-2628
In brief
A critical flaw in Oracle WebLogic Server allows attackers to take full control of the server without needing to log in. The vulnerability lies in how the server processes certain network communications, making it extremely dangerous and easy to exploit.
Technical detail
An insecure deserialization vulnerability (CWE-502) in WebLogic's T3 protocol allows unauthenticated remote code execution given network access. The affected versions (10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3) do not adequately validate serialized objects, allowing attackers to craft malicious payloads that fully compromise the system without authentication or user interaction.
Summary generated and translated by AI from the official description.
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Oracle Corporation · WebLogic Server
Public PoCs found: 29
github · github.com/0xn0ne/weblogicScanner · ★ 2071
github · github.com/tdy218/ysoserial-cve-2018-2628 · ★ 114
github · github.com/jas502n/CVE-2018-2628 · ★ 107
github · github.com/shengqi158/CVE-2018-2628 · ★ 78
github · github.com/forlin/CVE-2018-2628 · ★ 20
github · github.com/aedoo/CVE-2018-2628-MultiThreading · ★ 15
github · github.com/jiansiting/weblogic-cve-2018-2628 · ★ 14
github · github.com/0xMJ/CVE-2018-2628 · ★ 12
github · github.com/Lighird/CVE-2018-2628 · ★ 9
github · github.com/Nervous/WebLogic-RCE-exploit · ★ 5
github · github.com/likekabin/CVE-2018-2628 · ★ 3
github · github.com/Shadowshusky/CVE-2018-2628all · ★ 2
github · github.com/zjxzjx/CVE-2018-2628-detect · ★ 2
github · github.com/victor0013/CVE-2018-2628 · ★ 1
github · github.com/skydarker/CVE-2018-2628 · ★ 1
github · github.com/herantong/CVE-2018-2628 · ★ 1
github · github.com/9uest/CVE-2018-2628 · ★ 1
github · github.com/seethen/cve-2018-2628 · ★ 0
github · github.com/cscadoge/weblogic-cve-2018-2628 · ★ 0
github · github.com/shaoshore/CVE-2018-2628 · ★ 0
github · github.com/wrysunny/cve-2018-2628 · ★ 0
github · github.com/stevenlinfeng/CVE-2018-2628 · ★ 0
github · github.com/BabyTeam1024/cve-2018-2628 · ★ 0
exploitdb · www.exploit-db.com/exploits/45193 · unverified
cve_reference · www.exploit-db.com/exploits/45193/ · unverified
cve_reference · www.exploit-db.com/exploits/46513/ · unverified
exploitdb · www.exploit-db.com/exploits/46513 · unverified
exploitdb · www.exploit-db.com/exploits/44553 · unverified
cve_reference · www.exploit-db.com/exploits/44553/ · unverified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/brianwrf/CVE-2018-2628
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-2628
https://www.exploit-db.com/exploits/44553/
https://www.exploit-db.com/exploits/45193/
https://www.exploit-db.com/exploits/46513/
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securityfocus.com/bid/103776
http://www.securitytracker.com/id/1040696