APP: Oracle WebLogic Server Node Manager Command Execution

This signature detects attempts to exploit a known command execution vulnerability in the Oracle WebLogic Server Node Manager utility. The vulnerability exists because certain script execution functionality of the Node Manager utility can be accessed remotely without authentication. A remote unauthenticated attacker can leverage this by sending a crafted message to the vulnerable process on port 5556/TCP. Successful exploitation can result in execution of arbitrary commands within the security context of the target process.

Extended Description

Oracle WebLogic Server is prone to a remote command-execution vulnerability because the software fails to restrict access to sensitive commands. Successful attacks can compromise the affected software and possibly the computer. Oracle WebLogic Server 10.3.2 is vulnerable; other versions may also be affected.

Affected Products

Oracle weblogic_server

References

BugTraq: 37926

CVE: CVE-2010-0073

Short Name: APP:ORACLE:WEBLOGIC-CMD-EXEC
Severity: Major
Recommended: False
Recommended Action: Drop
Category: APP
Keywords: CVE-2010-0073 Command Execution Manager Node Oracle Server WebLogic bid:37926
Release Date: 10/01/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
Port: tcp/5556
False Positive: Unknown
Vendors

Oracle

CVSS Score

10.0
