CVE 编号
危害级别
高
影响产品
Oracle WebLogic Server
10.3.6.0.0和12.1.3.0.0
漏洞描述
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
该漏洞通过T3协议实现利用、攻击者可通过此漏洞实现远程代码执行,CVSS评分均为9.8。利用复杂度低。
漏洞解决方案
厂商已发布了漏洞修复程序,请及时关注更新:https://www.oracle.com/security-alerts/cpujan2020.html
悬赏时间
2020.2.13
悬赏种类
官方悬赏
悬赏问题
该漏洞具体细节
悬赏解决方式
在论坛【悬赏细节】版面对于本漏洞进行漏洞分析
悬赏积分
5 酒币
悬赏状态
待解决