forked from p15670423/monkey
Island: Remove WebLogic exploiter
This commit is contained in:
Ilija Lazoroski
ilija-lazoroski
parent
d9c295bed4
commit
c10b5c9e79
|
|
@ -18,7 +18,6 @@ BASIC = {
|
|||
"WmiExploiter",
|
||||
"SSHExploiter",
|
||||
"Log4ShellExploiter",
|
||||
"WebLogicExploiter",
|
||||
"HadoopExploiter",
|
||||
"MSSQLExploiter",
|
||||
"PowerShellExploiter",
|
||||
|
|
|
|||
|
|
@ -53,15 +53,6 @@ EXPLOITER_CLASSES = {
|
|||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference"
|
||||
"/exploiters/sshexec/",
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"enum": ["WebLogicExploiter"],
|
||||
"title": "WebLogic Exploiter",
|
||||
"safe": True,
|
||||
"info": "Exploits CVE-2017-10271 and CVE-2019-2725 vulnerabilities on WebLogic server.",
|
||||
"link": "https://www.guardicore.com/infectionmonkey/docs/reference/exploiters"
|
||||
"/weblogic/",
|
||||
},
|
||||
{
|
||||
"type": "string",
|
||||
"enum": ["HadoopExploiter"],
|
||||
|
|
|
|||
|
|
@ -81,7 +81,6 @@ class AWSExporter(Exporter):
|
|||
"shared_passwords_domain": AWSExporter._handle_shared_passwords_domain_issue,
|
||||
"shared_admins_domain": AWSExporter._handle_shared_admins_domain_issue,
|
||||
"strong_users_on_crit": AWSExporter._handle_strong_users_on_crit_issue,
|
||||
ExploiterDescriptorEnum.WEBLOGIC.value.class_name: AWSExporter._handle_weblogic_issue,
|
||||
ExploiterDescriptorEnum.HADOOP.value.class_name: AWSExporter._handle_hadoop_issue,
|
||||
}
|
||||
|
||||
|
|
@ -386,27 +385,6 @@ class AWSExporter(Exporter):
|
|||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def _handle_weblogic_issue(issue, instance_arn):
|
||||
|
||||
return AWSExporter._build_generic_finding(
|
||||
severity=10,
|
||||
title="Oracle WebLogic servers are vulnerable to remote code execution.",
|
||||
description="Install Oracle critical patch updates. Or update to the latest "
|
||||
"version. "
|
||||
"Vulnerable versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and "
|
||||
"12.2.1.2.0.",
|
||||
recommendation="Oracle WebLogic server at {machine} ({ip_address}) is vulnerable "
|
||||
"to remote code execution attack."
|
||||
"The attack was made possible due to incorrect permission "
|
||||
"assignment in Oracle Fusion Middleware "
|
||||
"(subcomponent: WLS Security).".format(
|
||||
machine=issue["machine"], ip_address=issue["ip_address"]
|
||||
),
|
||||
instance_arn=instance_arn,
|
||||
instance_id=issue["aws_instance_id"] if "aws_instance_id" in issue else None,
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def _handle_hadoop_issue(issue, instance_arn):
|
||||
|
||||
|
|
|
|||
|
|
@ -28,9 +28,6 @@ class ExploiterDescriptorEnum(Enum):
|
|||
SMB = ExploiterDescriptor("SmbExploiter", "SMB Exploiter", CredExploitProcessor)
|
||||
WMI = ExploiterDescriptor("WmiExploiter", "WMI Exploiter", CredExploitProcessor)
|
||||
SSH = ExploiterDescriptor("SSHExploiter", "SSH Exploiter", CredExploitProcessor)
|
||||
WEBLOGIC = ExploiterDescriptor(
|
||||
"WebLogicExploiter", "Oracle WebLogic Exploiter", ExploitProcessor
|
||||
)
|
||||
HADOOP = ExploiterDescriptor("HadoopExploiter", "Hadoop/Yarn Exploiter", ExploitProcessor)
|
||||
MSSQL = ExploiterDescriptor("MSSQLExploiter", "MSSQL Exploiter", ExploitProcessor)
|
||||
ZEROLOGON = ExploiterDescriptor(
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ import guardicoreLogoImage from '../../images/guardicore-logo.png'
|
|||
import {faExclamationTriangle} from '@fortawesome/free-solid-svg-icons';
|
||||
import '../../styles/App.css';
|
||||
import {smbPasswordReport, smbPthReport} from './security/issues/SmbIssue';
|
||||
import {webLogicIssueOverview, webLogicIssueReport} from './security/issues/WebLogicIssue';
|
||||
import {hadoopIssueOverview, hadoopIssueReport} from './security/issues/HadoopIssue';
|
||||
import {mssqlIssueOverview, mssqlIssueReport} from './security/issues/MssqlIssue';
|
||||
import {wmiPasswordIssueReport, wmiPthIssueReport} from './security/issues/WmiIssue';
|
||||
|
|
@ -76,11 +75,6 @@ class ReportPageComponent extends AuthComponent {
|
|||
},
|
||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||
},
|
||||
'WebLogicExploiter': {
|
||||
[this.issueContentTypes.OVERVIEW]: webLogicIssueOverview,
|
||||
[this.issueContentTypes.REPORT]: webLogicIssueReport,
|
||||
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
|
||||
},
|
||||
'HadoopExploiter': {
|
||||
[this.issueContentTypes.OVERVIEW]: hadoopIssueOverview,
|
||||
[this.issueContentTypes.REPORT]: hadoopIssueReport,
|
||||
|
|
|
|||
|
|
@ -1,23 +0,0 @@
|
|||
import React from 'react';
|
||||
import CollapsibleWellComponent from '../CollapsibleWell';
|
||||
|
||||
export function webLogicIssueOverview() {
|
||||
return (<li>Oracle WebLogic servers are susceptible to a remote code execution vulnerability.</li>)
|
||||
}
|
||||
|
||||
export function webLogicIssueReport(issue) {
|
||||
return (
|
||||
<>
|
||||
Update Oracle WebLogic server to the latest supported version.
|
||||
<CollapsibleWellComponent>
|
||||
Oracle WebLogic server at <span className="badge badge-primary">{issue.machine}</span> (<span
|
||||
className="badge badge-info" style={{margin: '2px'}}>{issue.ip_address}</span>) is vulnerable to one of <span
|
||||
className="badge badge-danger">remote code execution</span> attacks.
|
||||
<br/>
|
||||
The attack was made possible due to one of the following vulnerabilities:
|
||||
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271'}> CVE-2017-10271</a> or
|
||||
<a href={'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2725'}> CVE-2019-2725</a>
|
||||
</CollapsibleWellComponent>
|
||||
</>
|
||||
);
|
||||
}
|
||||
Loading…
Reference in New Issue