Vulnerability — CVE-2019-2729

CVE-2019-2729

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2019-2729
Description:: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Last updated date:: 11/10/2022

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 06/15/2019
Reference url to background: https://medium.com/@knownsec404team/knownsec-404-team-alert-again-cve-2019-2725-patch-bypassed-32a6a7b7ca15

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/09/2020
Reference url to background: https://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/19/2020
Reference url to background: https://github.com/ruthlezs/CVE-2019-2729-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/31/2021
Reference url to background: https://github.com/pizza-power/weblogic-CVE-2019-2729-POC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/22/2022
Reference url to background: https://github.com/Luchoane/CVE-2019-2729_creal

Type:: exploit
Confidence:: HIGH
Date of publishing:: 11/10/2022
Reference url to background: http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html