Juniper Networks

Signature Detail


Short Name: APP:ORACLE:WEBLOGIC-CMD-EXEC
Severity: High
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: Oracle WebLogic Server Node Manager Command Execution
Release Date: 2010/10/01
Update Number: 1784
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Oracle WebLogic Server Node Manager Command Execution


This signature detects attempts to exploit a known command execution vulnerability in the Oracle WebLogic Server Node Manager utility. The vulnerability exists because certain script execution functionality of the Node Manager utility can be accessed remotely without authentication. A remote unauthenticated attacker can leverage this by sending a crafted message to the vulnerable process on port 5556/TCP. Successful exploitation can result in execution of arbitrary commands within the security context of the target process.

Extended Description

Oracle WebLogic Server is prone to a remote command-execution vulnerability because the software fails to restrict access to sensitive commands. Successful attacks can compromise the affected software and possibly the computer. Oracle WebLogic Server 10.3.2 is vulnerable; other versions may also be affected.

Affected Products

  • Oracle WebLogic Server 10
  • Oracle WebLogic Server 10.0 MP1
  • Oracle WebLogic Server 10.0 MP2
  • Oracle WebLogic Server 10.3
  • Oracle WebLogic Server 10.3.1
  • Oracle WebLogic Server 10.3.2
  • Oracle WebLogic Server 7.0
  • Oracle WebLogic Server 7.0 MP2
  • Oracle WebLogic Server 7.0 MP4
  • Oracle WebLogic Server 7.0 MP5
  • Oracle WebLogic Server 7.0 SP7
  • Oracle WebLogic Server 8.1
  • Oracle WebLogic Server 8.1 MP4
  • Oracle WebLogic Server 8.1 MP6
  • Oracle WebLogic Server 8.1 SP6
  • Oracle WebLogic Server 9.2
  • Oracle WebLogic Server 9.2 MP1
  • Oracle WebLogic Server 9.2 MP2
  • Oracle WebLogic Server 9.2 MP3

References

  • BugTraq: 37926
  • CVE: CVE-2010-0073

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.