CVE-2020-14756 PoC — Oracle Fusion Middleware 授权问题漏洞

Source

https://github.com/Y4er/CVE-2020-14756

Associated Vulnerability

Title:Oracle Fusion Middleware 授权问题漏洞 (CVE-2020-14756)
Description:Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Description

WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

Readme

# CVE-2020-14756
WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

# README

project base on https://github.com/Y4er/CVE-2020-2555 and [weblogic_cmd](https://github.com/5up3rc/weblogic_cmd/)

test on 12.2.1.4.0 and jdk 1.8.0_221

![image.png](https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/593424/0a190c57-1208-6f7e-7e89-6049cb59eea1.png)


# Reference
1. https://y4er.com/post/weblogic-cve-2020-14756/
2. https://mp.weixin.qq.com/s/E-4wjbKD-iSi0CEMegVmZQ

File Snapshot


 [4.0K]  /data/pocs/0ba87156e1386ce8f702beef6535b69b3b5d1f36
├── [1.8K]  CVE_2020_14756.java
├── [ 485]  README.md
└── [5.3K]  weblogic_t3.py

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!