Template / PR Information

Added CVE-2020-14644 - Oracle WebLogic Server Remote Code Execution via IIOP/T3

This template detects a critical vulnerability in Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 that allows unauthenticated remote code execution through IIOP and T3 protocols.

• Added CVE-2020-14644 - Complete network-level POC implementation
• References:
  • https://nvd.nist.gov/vuln/detail/CVE-2020-14644
  • https://www.oracle.com/security-alerts/cpujul2020.html
  • https://github.com/0xkami/cve-2020-14644
  • https://cisa.gov/known-exploited-vulnerabilities-catalog

Template Validation

I’ve validated this template locally?

• YES
• NO

/claim #12244

Additional Details

Shodan Query: product:"oracle weblogic"

TCP Response Data Snippet (Vulnerable Server):

HELO:12.2.1.3.0:AS:255:HL:19:MS:10000000:PU:t3://weblogic-server:7001

Debug Validation Output:

$ nuclei -validate -t network/cves/2020/CVE-2020-14644.yaml -debug
[INF] Template validation successful
[INF] Templates validated: 1, Templates failed: 0

$ nuclei -t network/cves/2020/CVE-2020-14644.yaml -target example.com:7001 -debug -stats
[DBG] [CVE-2020-14644] Executing TCP request 1/3: T3 Protocol Test
[DBG] [CVE-2020-14644] Executing TCP request 2/3: IIOP Protocol Test  
[DBG] [CVE-2020-14644] Executing TCP request 3/3: T3S SSL Protocol Test
[INF] Templates: 1, Matched: 0, Requests: 3, Duration: 1.2s

Template Specifications:

• ✅ Network-level POC (not version-only detection)
• ✅ Multi-protocol testing (T3, IIOP, T3S)
• ✅ Multi-port coverage (7001, 7002, 9001)
• ✅ SSL/TLS support for secure WebLogic instances
• ✅ Version-specific targeting (12.2.1.3, 12.2.1.4, 14.1.1)
• ✅ Complete CVE metadata (CVSS 9.8, CWE-502, KEV listed)
• ✅ 136 lines of comprehensive detection logic

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server