Oracle WebLogic Server RCE (CVE-2020-14882) - Nessus

Critical   Plugin ID: 142594

This page contains detailed information about the Oracle WebLogic Server RCE (CVE-2020-14882) Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.

Table Of Contents
hide

Plugin Overview

ID: 142594
Name: Oracle WebLogic Server RCE (CVE-2020-14882)
Filename: oracle_weblogic_server_CVE-2020-14882.nbin
Vulnerability Published: 2020-10-20
This Plugin Published: 2020-11-06
Last Modification Time: 2022-05-03
Plugin Version: 1.21
Plugin Type: remote
Plugin Family: Web Servers
Dependencies: weblogic_detect.nasl
Required KB Items [?]: www/weblogic

Vulnerability Information

Severity: Critical
Vulnerability Published: 2020-10-20
Patch Published: 2020-10-20
CVE [?]: CVE-2020-14750, CVE-2020-14882
CPE [?]: cpe:/a:oracle:fusion_middleware, cpe:/a:oracle:weblogic_server
In the News: True

Synopsis

An application server installed on the remote host is affected by a remote code execution vulnerability.

Description

The version of Oracle WebLogic Server installed on the remote host is affected by a remote code execution vulnerability in the Oracle Fusion Middleware Console subcomponent. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary commands.

No reliable remote exploit has been published for Oracle WebLogic Server 10.3.6.X or 12.1.3.X, so Nessus will not be able to determine if the remote server is affected or not for these versions.

Solution

Apply the appropriate patch according to the October 2020 Oracle Critical Patch Update advisory and the Oracle Security Alert advisory for CVE-2020-14750.

Public Exploits

Target Network Port(s): 7001
Target Asset(s): Services/www
Exploit Available: True (Metasploit Framework, Exploit-DB, GitHub)
Exploit Ease: Exploits are available

Here's the list of publicly known exploits and PoCs for verifying the Oracle WebLogic Server RCE (CVE-2020-14882) vulnerability:

  1. Metasploit: exploit/multi/http/weblogic_admin_handle_rce
    [Oracle WebLogic Server Administration Console Handle RCE]
  2. Exploit-DB: exploits/java/webapps/48971.py
    [EDB-48971: WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request]
  3. Exploit-DB: exploits/java/webapps/49479.py
    [EDB-49479: Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)]
  4. GitHub: https://github.com/jas502n/CVE-2020-14882
    [CVE-2020-14750]
  5. GitHub: https://github.com/kkhacklabs/CVE-2020-14750
    [CVE-2020-14750]
  6. GitHub: https://github.com/r00t4dm/r00t4dm
    [CVE-2020-14750]
  7. GitHub: https://github.com/rabbitsafe/CVE-2021-2109
    [CVE-2020-14750]
  8. GitHub: https://github.com/0day666/Vulnerability-verification
    [CVE-2020-14882]
  9. GitHub: https://github.com/3hm1ly/CVE-2020-14882
    [CVE-2020-14882: CVE-2020-14882部署冰蝎内存马]
  10. GitHub: https://github.com/14601/CVE-2020-14882
    [CVE-2020-14882]
  11. GitHub: https://github.com/AirEvan/CVE-2020-14882-GUI-Test
    [CVE-2020-14882: 基于qt的图形化CVE-2020-14882漏洞回显测试工具.]
  12. GitHub: https://github.com/Ares-X/VulWiki
    [CVE-2020-14882]
  13. GitHub: https://github.com/Astrogeorgeonethree/Starred
    [CVE-2020-14882]
  14. GitHub: https://github.com/BabyTeam1024/CVE-2020-14882
    [CVE-2020-14882]
  15. GitHub: https://github.com/CYJoe-Cyclone/Awesome-CobaltStrike
    [CVE-2020-14882]
  16. GitHub: https://github.com/EdgeSecurityTeam/Vulnerability
    [CVE-2020-14882]
  17. GitHub: https://github.com/FDlucifer/firece-fish
    [CVE-2020-14882]
  18. GitHub: https://github.com/Jean-Francois-C/Windows-Penetration-Testing
    [CVE-2020-14882]
  19. GitHub: https://github.com/Mr-xn/Penetration_Testing_POC
    [CVE-2020-14882]
  20. GitHub: https://github.com/Ormicron/CVE-2020-14882-GUI-Test
    [CVE-2020-14882: 基于qt的图形化CVE-2020-14882漏洞回显测试工具.]
  21. GitHub: https://github.com/QmF0c3UK/CVE-2020-14882
    [CVE-2020-14882]
  22. GitHub: https://github.com/RedTeamWing/CVE-2020-14882
    [CVE-2020-14882: CVE-2020-14882 Weblogic-Exp]
  23. GitHub: https://github.com/SexyBeast233/SecBooks
    [CVE-2020-14882]
  24. GitHub: https://github.com/ShmilySec/CVE-2020-14882
    [CVE-2020-14882: CVE-2020-14882部署冰蝎内存马]
  25. GitHub: https://github.com/SouthWind0/southwind0.github.io
    [CVE-2020-14882]
  26. GitHub: https://github.com/Umarovm/-Patched-McMaster-University-Blind-Command-Injection
    [CVE-2020-14882: (patched) This targets McMaster University's website and takes advantage of ...]
  27. GitHub: https://github.com/adm1in/CodeTest
    [CVE-2020-14882: CodeTest信息收集和漏洞利用工具,可在进行渗透测试之时方便利� ...]
  28. GitHub: https://github.com/alexfrancow/CVE-2020-14882
    [CVE-2020-14882]
  29. GitHub: https://github.com/amcai/myscan
    [CVE-2020-14882]
  30. GitHub: https://github.com/bhassani/Recent-CVE
    [CVE-2020-14882]
  31. GitHub: https://github.com/bhdresh/SnortRules
    [CVE-2020-14882]
  32. GitHub: https://github.com/bigblackhat/oFx
    [CVE-2020-14882]
  33. GitHub: https://github.com/bonjourmalware/melody
    [CVE-2020-14882]
  34. GitHub: https://github.com/cvebase/cvebase-wiki
    [CVE-2020-14882]
  35. GitHub: https://github.com/daehee/nvd
    [CVE-2020-14882]
  36. GitHub: https://github.com/exploitblizzard/CVE-2020-14882-WebLogic
    [CVE-2020-14882: Check YouTube - https://youtu.be/O0ZnLXRY5Wo]
  37. GitHub: https://github.com/hanc00l/some_pocsuite
    [CVE-2020-14882]
  38. GitHub: https://github.com/ihebski/A-Red-Teamer-diaries
    [CVE-2020-14882]
  39. GitHub: https://github.com/jeansgit/Pentest
    [CVE-2020-14882]
  40. GitHub: https://github.com/koala2099/GitHub-Chinese-Top-Charts
    [CVE-2020-14882]
  41. GitHub: https://github.com/koutto/jok3r-pocs
    [CVE-2020-14882]
  42. GitHub: https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
    [CVE-2020-14882]
  43. GitHub: https://github.com/mmioimm/cve-2020-14882
    [CVE-2020-14882]
  44. GitHub: https://github.com/neilzhang1/Chinese-Charts
    [CVE-2020-14882]
  45. GitHub: https://github.com/niudaii/go-crack
    [CVE-2020-14882]
  46. GitHub: https://github.com/pwn3z/CVE-2020-14882-WebLogic
    [CVE-2020-14882]
  47. GitHub: https://github.com/qeeqbox/falcon
    [CVE-2020-14882]
  48. GitHub: https://github.com/qingyuanfeiniao/Chinese-Top-Charts
    [CVE-2020-14882]
  49. GitHub: https://github.com/r0eXpeR/redteam_vul
    [CVE-2020-14882]
  50. GitHub: https://github.com/securitysqs/poc
    [CVE-2020-14882]
  51. GitHub: https://github.com/sickwell/CVE-2020-14882
    [CVE-2020-14882: PoC for CVE-2020-14882]
  52. GitHub: https://github.com/veo/vscan
    [CVE-2020-14882]
  53. GitHub: https://github.com/whoadmin/pocs
    [CVE-2020-14882]
  54. GitHub: https://github.com/wuzuowei/nice-scripts
    [CVE-2020-14882]
  55. GitHub: https://github.com/x51/CVE-2020-14882
    [CVE-2020-14882]
  56. GitHub: https://github.com/xfiftyone/CVE-2020-14882
    [CVE-2020-14882]
  57. GitHub: https://github.com/xiaoyaovo/2021SecWinterTask
    [CVE-2020-14882]
  58. GitHub: https://github.com/xkx518/CodeTest
    [CVE-2020-14882: CodeTest信息收集和漏洞利用工具,可在进行渗透测试之时方便利� ...]
  59. GitHub: https://github.com/zer0yu/Awesome-CobaltStrike
    [CVE-2020-14882]
  60. GitHub: https://github.com/zhzyker/vulmap
    [CVE-2020-14882]
  61. GitHub: https://github.com/corelight/CVE-2020-14882-weblogicRCE
    [CVE-2020-14750: Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750]
  62. GitHub: https://github.com/pprietosanchez/CVE-2020-14750
    [CVE-2020-14750: PoC para las vulnerabilidades CVE-2020-14750 y cve-2020-14882]
  63. GitHub: https://github.com/0thm4n3/cve-2020-14882
    [CVE-2020-14882: Bash script to exploit the Oracle's Weblogic Unauthenticated Remote Command ...]
  64. GitHub: https://github.com/0xn0ne/weblogicScanner
    [CVE-2020-14882: weblogic ...]
  65. GitHub: https://github.com/corelight/CVE-2020-14882-weblogicRCE
    [CVE-2020-14882: Detection of RCE in Oracle's WebLogic Server CVE-2020-14882 / CVE-2020-14750]
  66. GitHub: https://github.com/GGyao/CVE-2020-14882_ALL
    [CVE-2020-14882: CVE-2020-14882_ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。]
  67. GitHub: https://github.com/GGyao/CVE-2020-14882_POC
    [CVE-2020-14882: CVE-2020-14882批量验证工具。]
  68. GitHub: https://github.com/jas502n/CVE-2020-14882
    [CVE-2020-14882: CVE-2020–14882、CVE-2020–14883]
  69. GitHub: https://github.com/ludy-dev/Weblogic_Unauthorized-bypass-RCE
    [CVE-2020-14882: (CVE-2020-14882) Oracle Weblogic Unauthorized bypass RCE test script]
  70. GitHub: https://github.com/milo2012/CVE-2020-14882
    [CVE-2020-14882]
  71. GitHub: https://github.com/murataydemir/CVE-2020-14882
    [CVE-2020-14882: [CVE-2020-14882] Oracle WebLogic Server Authentication Bypass]
  72. GitHub: https://github.com/murataydemir/CVE-2020-14883
    [CVE-2020-14882: [CVE-2020-14882] Oracle WebLogic Server Authenticated Remote Code Execution (RCE) ...]
  73. GitHub: https://github.com/N0Coriander/CVE-2020-14882-14883
    [CVE-2020-14882: 利用14882的未授权访问漏洞,结合14883可直接远程命令执行]
  74. GitHub: https://github.com/nice0e3/CVE-2020-14882_Exploit_Gui
    [CVE-2020-14882: CVE-2020-14882_Exploit 支持12.2.X和10.3.6版本,12.2.x可回显]
  75. GitHub: https://github.com/NS-Sp4ce/CVE-2020-14882
    [CVE-2020-14882: CVE-2020-14882/14883/14750]
  76. GitHub: https://github.com/ovProphet/CVE-2020-14882-checker
    [CVE-2020-14882: CVE-2020-14882 detection script]
  77. GitHub: https://github.com/pprietosanchez/CVE-2020-14750
    [CVE-2020-14882: PoC para las vulnerabilidades CVE-2020-14750 y cve-2020-14882]
  78. GitHub: https://github.com/s1kr10s/CVE-2020-14882
    [CVE-2020-14882: CVE-2020–14882 by Jang]
  79. GitHub: https://github.com/wsfengfan/cve-2020-14882
    [CVE-2020-14882: CVE-2020-14882 EXP 回显]
  80. GitHub: https://github.com/XTeam-Wing/CVE-2020-14882
    [CVE-2020-14882: CVE-2020-14882 Weblogic-Exp]
  81. GitHub: https://github.com/Yang0615777/PocList
    [CVE-2020-14882: Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-2 ...]
  82. GitHub: https://github.com/zhzyker/exphub
    [CVE-2020-14882: Exphub[漏洞利用脚本库] ...]

Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.

WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.

Risk Information

CVSS Score Source [?]: CVE-2020-14882
CVSS V2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C
CVSS Base Score:10.0 (High)
Impact Subscore:10.0
Exploitability Subscore:10.0
CVSS Temporal Score:8.7 (High)
CVSS Environmental Score:NA (None)
Modified Impact Subscore:NA
Overall CVSS Score:8.7 (High)
CVSS V3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CVSS Base Score:9.8 (Critical)
Impact Subscore:5.9
Exploitability Subscore:3.9
CVSS Temporal Score:9.4 (Critical)
CVSS Environmental Score:NA (None)
Modified Impact Subscore:NA
Overall CVSS Score:9.4 (Critical)
STIG Severity [?]: I
STIG Risk Rating: High

Go back to menu.

Plugin Source

The oracle_weblogic_server_CVE-2020-14882.nbin Nessus plugin is distributed in a propriatory binary format and its source code is protected. This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.

The latest version of this script can be found in these locations depending on your platform:

  • Linux / Unix:
    /opt/nessus/lib/nessus/plugins/oracle_weblogic_server_CVE-2020-14882.nbin
  • Windows:
    C:\ProgramData\Tenable\Nessus\nessus\plugins\oracle_weblogic_server_CVE-2020-14882.nbin
  • Mac OS X:
    /Library/Nessus/run/lib/nessus/plugins/oracle_weblogic_server_CVE-2020-14882.nbin

Go back to menu.

How to Run

Here is how to run the Oracle WebLogic Server RCE (CVE-2020-14882) as a standalone plugin via the Nessus web user interface (https://localhost:8834/):

  1. Click to start a New Scan.
  2. Select Advanced Scan.
  3. Navigate to the Plugins tab.
  4. On the top right corner click to Disable All plugins.
  5. On the left side table select Web Servers plugin family.
  6. On the right side table select Oracle WebLogic Server RCE (CVE-2020-14882) plugin ID 142594.
  7. Specify the target on the Settings tab and click to Save the scan.
  8. Run the scan.

Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.

Basic usage:

/opt/nessus/bin/nasl oracle_weblogic_server_CVE-2020-14882.nbin -t <IP/HOST>

Run the plugin with audit trail message on the console:

/opt/nessus/bin/nasl -a oracle_weblogic_server_CVE-2020-14882.nbin -t <IP/HOST>

Run the plugin with trace script execution written to the console (useful for debugging):

/opt/nessus/bin/nasl -T - oracle_weblogic_server_CVE-2020-14882.nbin -t <IP/HOST>

Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):

/opt/nessus/bin/nasl -K /tmp/state oracle_weblogic_server_CVE-2020-14882.nbin -t <IP/HOST>

Go back to menu.

References

IAVA | Information Assurance Vulnerability Alert:
  • 2020-A-0478
See also: Similar and related Nessus plugins:
  • 145264 - Oracle WebLogic Server Multiple Vulnerabilities (Jan 2021 CPU)
  • 141807 - Oracle WebLogic Server Multiple Vulnerabilities (Oct 2020 CPU)
  • 64708 - Oracle Application Express (Apex) CVE-2009-0981
  • 64714 - Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)
  • 57619 - Oracle Application Server Multiple Vulnerabilities
  • 124156 - Oracle Fusion Middleware Oracle HTTP Server (Apr 2019 CPU)
  • 159947 - Oracle HTTP Server (Apr 2022 CPU)
  • 81003 - Oracle Fusion Middleware Security Service Information Disclosure (January 2015 CPU) (BEAST)
  • 81002 - Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)
  • 106299 - Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)
  • 156944 - Oracle HTTP Server (Jan 2022 CPU)
  • 69301 - Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities
  • 92542 - Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (July 2016 CPU)
  • 126781 - Oracle Fusion Middleware Oracle HTTP Server (Jul 2019 CPU)
  • 17731 - Oracle HTTP Server (October 2006 CPU)
  • 86569 - Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2015 CPU)
  • 124090 - Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2018 CPU)
  • 142212 - Oracle Fusion Middleware Oracle HTTP Server (Oct 2020 CPU)
  • 154340 - Oracle HTTP Server (Oct 2021 CPU)
  • 138509 - Oracle WebLogic IIOP JNDI Lookup RCE Direct Check
  • 124462 - Oracle WebLogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.3 Java Object Deserialization RCE (CVE-2018-3191)
  • 125265 - Oracle WebLogic Server Java Object Deserialization RCE (CVE-2018-3245)
  • 138074 - Oracle WebLogic Server Java Object Deserialization RCE (CVE-2020-2883)

Version

This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file oracle_weblogic_server_CVE-2020-14882.nbin version 1.21. For more plugins, visit the Nessus Plugin Library.

Go back to menu.