Weblogic Local File Inclusion Local File Inclusion Vulnerability Cve 2022 21371
Weblogic Local File Inclusion Local File Inclusion Vulnerability Cve 2022 21371
WebLogic Local File Inclusion Local File Inclusion Vulnerability CVE-2022-21371
Vulnerability Description
On January 19, 2022, Green Network Technology CERT monitoring discovered that Oracle officially released the January key patch update announcement CPU (Critical Patch Update). This time, a total of 497 vulnerabilities of varying degrees were fixed. This security update involves many commonly used products such as Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle FusionMiddleware, Oracle Retail Applications, etc.
Vulnerability Impact
WebLogic Server 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
Vulnerability reappears
Verify POC
1
2
3
4
.//META-INF/MANIFEST.MF
.//WEB-INF/web.xml
.//WEB-INF/portlet.xml
.//WEB-INF/weblogic.xml
This post is licensed under CC BY 4.0 by the author.