Oracle.WebLogic.Console.Help.SSRF
Description
This indicates an attack attempt to exploit a Server-Side Request Forgery Vulnerability in Oracle WebLogic Server.
The vulnerability is due to improper sanitization of crafted user input in HTTP requests. By manipulating the processed input stream, a remote attacker may be able to request data from internal resources that are not publicly available.
Affected Products
Oracle WebLogic Server 10.3.6.0.0
Oracle WebLogic Server 12.1.3.0.0
Oracle WebLogic Server 12.2.1.3.0
Oracle WebLogic Server 12.2.1.4.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuapr2020.html
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2021-04-19 | 18.061 | Default_action:pass:drop |