Packet Storm

exploit the possibilities

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

WebLogic Server Deserialization Remote Code Execution: Posted Jun 4, 2020; Authored by Shelby Pace, Y4er, Quynh Le | Site metasploit.com; This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator enables the ability to trigger method.invoke(), which will execute arbitrary code.; tags | exploit, java, remote, arbitrary, code execution, protocol; advisories | CVE-2020-2883; SHA-256 | d85d76c6388cafa88aef4ce4d17b77d3a4f2d6383ddcb075ea187fa645df106e; Download | Favorite | View

Related Files

No related files

Top Authors In Last 30 Days

Red Hat 274 files
indoushka 182 files
Ubuntu 100 files
Gentoo 32 files
Debian 16 files
malvuln 13 files
Frederik Beimgraben 11 files
Chris Beiter 11 files
Matthias Deeg 11 files
Apple 10 files

File Tags

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,130)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,410)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,894)
UNIX (9,463)
UnixWare (188)
Windows (6,782)
Other

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec