Short Name |
APP:ORACLE:WEBLOGIC-CMD-EXEC |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Oracle WebLogic Server Node Manager Command Execution |
Release Date |
2010/10/01 |
Update Number |
1784 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known command execution vulnerability in Oracle WebLogic Server Node Manager utility. It is due to the fact that certain script execution functionality of the Node Manager utility can be accessed remotely without authentication. A remote unauthenticated attacker can leverage this by sending a crafted message to the vulnerable process on port 5556/TCP. Successful exploitation can result in execution of arbitrary commands within the security context of the target process.
Oracle WebLogic Server is prone to a remote command-execution vulnerability because the software fails to restrict access to sensitive commands. Successful attacks can compromise the affected software and possibly the computer. Oracle WebLogic Server 10.3.2 is vulnerable; other versions may also be affected.