Exploit for #VU27477 Deserialization of Untrusted Data in Oracle WebLogic Server

Vulnerability identifier: #VU27477

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2020-2883

CWE-ID: CWE-502

Exploitation vector: Network

Exploits in database: 9

• November 16, 2021
  • POC_CVE-2020-2883 (POC for CVE-2020-2883) [Github]
• November 30, 2020
  • CVE-2020-2883 (CVE-2020-2883) [Github]
• October 16, 2020
  • CVE-2020-2883 () [Github]
• August 21, 2020
  • WebLogic-Shiro-shell (WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell) [Github]
• July 20, 2020
  • CVE-2020-14645 () [Github]
• June 4, 2020
  • WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp [Metasploit]
• June 3, 2020
  • CVE-2020-2883 (Weblogic coherence.jar RCE) [Github]
  • Weblogic_CVE-2020-2883_POC (Proof of concept for Weblogic CVE-2020-2883) [Github]
  • weblogicPoc (Weblogic Vuln POC EXP cve-2020-2551 cve-2020-2555 cve-2020-2883 ，。。。) [Github]

Vulnerable software:
Oracle WebLogic Server
Server applications / Application servers

Vendor: Oracle