Oracle WebLogic Server <14.1.1.0.0 - RCE
Exploitation Summary
CVE-2023-21839 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 1, 2023.
EIP tracks 9 public exploits from researchers such as DXask88MA, ASkyeye, and dinosn, including a Metasploit module, `exploits/multi/iiop/cve_2023_21839_weblogic_rce`.
A Nuclei detection template is also available.
Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Exploits (9)
This PoC exploits CVE-2023-21839, a JNDI injection vulnerability in Oracle WebLogic Server, by binding a malicious ForeignOpaqueReference object to trigger an LDAP lookup. It leverages reflection to manipulate JNDI environment variables and execute arbitrary code via a remote LDAP server.
This repository contains a Go-based exploit for CVE-2023-21839, a remote code execution vulnerability in Oracle WebLogic Server. The exploit leverages IIOP/T3 protocol manipulation to achieve RCE without requiring Java dependencies, and includes NAT traversal capabilities.
This is a working PoC for CVE-2024-20931, a bypass of the patch for CVE-2023-21839 in Oracle WebLogic. It exploits a JNDI injection vulnerability to achieve remote code execution by leveraging a malicious LDAP server.
This repository provides an analysis of CVE-2023-21839, a vulnerability in Oracle WebLogic Server related to JNDI lookup/list operations over t3/iiop protocols. It includes call stack details and mentions a tool for exploitation but does not contain actual exploit code.
This PoC exploits CVE-2023-21839, a deserialization vulnerability in Oracle WebLogic Server, by sending crafted T3 protocol messages to achieve remote code execution. The script interacts with the target server to extract keys and inject malicious LDAP references.
This repository contains a GUI-based tool for testing and exploiting CVE-2023-21839 (WebLogic RCE), CVE-2022-39197 (CobaltStrike RCE), and CVE-2023-28432 (MinIO info leak). It includes functional PoC code for WebLogic RCE via JNDI injection and CobaltStrike RCE via Frida-based process manipulation.
This repository contains a functional exploit for CVE-2024-21182, demonstrating unauthenticated remote code execution (RCE) in Oracle WebLogic Server via T3/IIOP JNDI injection. The exploit leverages the `AggregatableOpaqueReference` gadget to bypass previous patches and trigger server-side JNDI resolution against an attacker-controlled LDAP server.
This repository contains a Metasploit auxiliary module for scanning Oracle WebLogic servers vulnerable to CVE-2023-21839, an information disclosure vulnerability that can lead to RCE. The module checks the WebLogic version and attempts to verify exploitation via DNS logging.
This Metasploit module exploits CVE-2023-21839, an unauthenticated RCE vulnerability in Oracle WebLogic via IIOP deserialization of a ForeignOpaqueReference object, leading to JNDI injection and arbitrary code execution as the 'oracle' user.
Nuclei Templates (1)
product:"oracle weblogic"
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N