Executive Summary
Summary | |
---|---|
Title | Oracle WebLogic Node Manager allows arbitrary configuration via UNC path |
Information | |||
---|---|---|---|
Name | VU#924300 | First vendor Publication | 2010-10-12 |
Vendor | VU-CERT | Last vendor Modification | 2010-10-12 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Exploit Score | N/A | Authentication | N/A |
Detail
Vulnerability Note VU#924300
Oracle WebLogic Node Manager allows arbitrary configuration via UNC path

Overview

Oracle WebLogic Node Manager 10.3.3 and earlier versions contain a remote file inclusion vulnerability. This vulnerability could allow a remote attacker to execute arbitrary commands on an affected system.

I. Description

Node Manager is a WebLogic Server utility that enables you to start, shut down, and restart Administration Server and Managed Server instances from a remote location. An unauthenticated attacker has the ability to set the configuration file location via a UNC path.

An unauthenticated attacker can connect to the Node Manager service and set the configuration file location to a remote UNC path controlled by the attacker. The configuration file specifies the location of the password file, which can also be located on a UNC path controlled by the attacker. After the attacker has authenticated with their own password file, they can use built-in Node Manager features to execute commands on the Node Manager server.

Firewall rules should be implemented to restrict the use of UNC paths on the Node Manager server, as well as restricting access to the Node Manager service to only trusted sources.
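The code-level counterpart to the network mitigation above is an allow-list check on any file location a client can set: a configuration or password file path that resolves to a UNC share must be refused before it is ever opened. The following is added illustrative code written for this note, not Oracle's Node Manager implementation; the base directory, function names and the sample paths are assumptions.

```python
import ntpath
import re

# Added illustrative code for this note, not Oracle's Node Manager implementation.
# Assumed base directory under which Node Manager's own files are expected to live.
NM_HOME = r"C:\Oracle\Middleware\wlserver\common\nodemanager"

# Anything starting with two separators names a network or device resource:
# \\server\share, //server/share, \\?\UNC\server\share, \\.\pipe\name.
# Long-path prefixes (\\?\C:\...) are rejected as well; conservative on purpose.
_REMOTE_PREFIX = re.compile(r"^[\\/]{2}")


def is_unc_path(path: str) -> bool:
    """True if the value names a UNC/network or device path rather than a local file."""
    return bool(_REMOTE_PREFIX.match(path.strip()))


def resolve_local_config_path(value: str, base_dir: str = NM_HOME) -> str:
    """Return the canonical path for a client-supplied file location, or raise
    ValueError if it is a UNC path, sits on another volume, or escapes base_dir.
    Relative values are resolved against base_dir. ntpath is used so Windows
    path semantics apply regardless of the host this check runs on."""
    if not value or "\0" in value:
        raise ValueError("empty or malformed path")
    if is_unc_path(value):
        raise ValueError("UNC/network paths are not permitted: %r" % value)
    base = ntpath.normpath(base_dir)
    # join() discards base when value is absolute; normpath collapses ..\ parts.
    candidate = ntpath.normpath(ntpath.join(base, value))
    if ntpath.splitdrive(candidate)[0].lower() != ntpath.splitdrive(base)[0].lower():
        raise ValueError("path is on a different volume: %r" % value)
    # Compare with a trailing separator so ...\nodemanager_evil does not pass.
    if not candidate.lower().startswith(base.lower().rstrip("\\") + "\\"):
        raise ValueError("path escapes the Node Manager directory: %r" % value)
    return candidate


def is_accepted(value: str, base_dir: str = NM_HOME) -> bool:
    """Convenience wrapper: True if the location would be accepted."""
    try:
        resolve_local_config_path(value, base_dir)
    except ValueError:
        return False
    return True
```

This check complements the firewall rules the note recommends rather than replacing them; restricting which hosts can reach the Node Manager service at all remains the primary control.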
References

Thanks to Carl Livitt of Stach & Liu, LLC for reporting this vulnerability. This document was written by Jared Allar.
Original Source
Url : http://www.kb.cert.org/vuls/id/924300 |