CVE-2018-2894 – Weblogic JSP File Upload

CVE-2018-2894 – Weblogic JSP File Upload vulnerability Oracle weblogic suffers from a trivial file upload vulnerability. Here are the steps to reproduce the vulnerability. 1) Go to http://172.17.0.2:7001/ws_utc/config.do If you can’t access 172.17.0.2:7001/ws_utc. This means the webservice test client is disabled for your weblogic server which is a good thing. 2) Change the Work Home […]