ID CVE-2018-2628
Summary Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Vulnerable Configurations
  • Oracle Weblogic Server 10.3.6.0.0
    cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0
  • Oracle Weblogic Server 12.1.3.0.0
    cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0
  • Oracle Weblogic Server 12.2.1.2.0
    cpe:2.3:a:oracle:weblogic_server:12.2.1.2.0
  • Oracle Weblogic Server 12.2.1.3
    cpe:2.3:a:oracle:weblogic_server:12.2.1.3
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-502
CAPEC
exploit-db via4
  • description Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution. CVE-2018-2628. Remote exploit for Multiple platform
    file exploits/multiple/remote/44553.py
    id EDB-ID:44553
    last seen 2018-05-24
    modified 2018-04-22
    platform multiple
    port
    published 2018-04-22
    reporter Exploit-DB
    source https://www.exploit-db.com/download/44553/
    title Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution
    type remote
  • description Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit). CVE-2018-2628. Remote exploit for Windows platform. Tags: Metasploit Framework (...
    file exploits/windows/remote/45193.rb
    id EDB-ID:45193
    last seen 2018-08-13
    modified 2018-08-13
    platform windows
    port 7001
    published 2018-08-13
    reporter Exploit-DB
    source https://www.exploit-db.com/download/45193/
    title Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
    type remote
  • file exploits/multiple/remote/46513.java
    id EDB-ID:46513
    last seen 2019-03-07
    modified 2019-01-03
    platform multiple
    port
    published 2019-01-03
    reporter Exploit-DB
    source https://www.exploit-db.com/download/46513
    title Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
    type remote
metasploit via4
nessus via4
  • NASL family Web Servers
    NASL id WEBLOGIC_CVE_2018_2628.NASL
    description The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects by the RMI registry. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of the WebLogic server. Note that this plugin does not attempt to exploit this RCE directly and instead checks for the presence of the patch Oracle supplied in the April 2018 critical patch update (CPU).
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 109429
    published 2018-04-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109429
    title Oracle WebLogic Server Deserialization RCE (CVE-2018-2628)
  • NASL family Misc.
    NASL id ORACLE_WEBLOGIC_SERVER_CPU_APR_2018.NASL
    description The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 109201
    published 2018-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109201
    title Oracle WebLogic Server Multiple Vulnerabilities (April 2018 CPU)
packetstorm via4
refmap via4
bid 103776
confirm http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
exploit-db
  • 44553
  • 45193
  • 46513
misc https://github.com/brianwrf/CVE-2018-2628
sectrack 1040696
the hacker news via4
  • id THN:B899834FCFF1D593C20E11F19F0E6769
    last seen 2018-05-06
    modified 2018-04-30
    published 2018-04-30
    reporter Swati Khandelwal
    source https://thehackernews.com/2018/04/oracle-weblogic-rce-exploit.html
    title Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again
Last major update 18-04-2018 - 22:29
Published 18-04-2018 - 22:29
Last modified 29-04-2019 - 17:01