0.0
NA
CVE-2021-47115
CVE-2021-1234: Oracle WebLogic Server Cross-Site Request Forgery
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date :

March 15, 2024, 9:15 p.m.

Last Modified :

March 18, 2024, 11:15 a.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Public PoC/Exploit Available at Github

CVE-2021-47115 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2021-47115 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
NaInSec/CVE-LIST

Ini adalah repository kumpulan CVE v.5

allcve cve cvelist newcve

Updated: 1 month, 3 weeks ago
2 stars 0 fork 0 watcher
Born at : March 24, 2024, 3:01 p.m. This repo has been linked 1214 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-47115 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-47115 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 18, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 18, 2024

    Action Type Old Value New Value
    Changed Description In the Linux kernel, the following vulnerability has been resolved: nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect It's possible to trigger NULL pointer dereference by local unprivileged user, when calling getsockname() after failed bind() (e.g. the bind fails because LLCP_SAP_MAX used as SAP): BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 1 PID: 426 Comm: llcp_sock_getna Not tainted 5.13.0-rc2-next-20210521+ #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1 04/01/2014 Call Trace: llcp_sock_getname+0xb1/0xe0 __sys_getpeername+0x95/0xc0 ? lockdep_hardirqs_on_prepare+0xd5/0x180 ? syscall_enter_from_user_mode+0x1c/0x40 __x64_sys_getpeername+0x11/0x20 do_syscall_64+0x36/0x70 entry_SYSCALL_64_after_hwframe+0x44/0xae This can be reproduced with Syzkaller C repro (bind followed by getpeername): https://syzkaller.appspot.com/x/repro.c?x=14def446e00000 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed Reference kernel.org https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477
    Removed Reference kernel.org https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94
    Removed Reference kernel.org https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9
    Removed Reference kernel.org https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f
    Removed Reference kernel.org https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70
    Removed Reference kernel.org https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2
    Removed Reference kernel.org https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b
    Removed Reference kernel.org https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba
  • CVE Translated by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 18, 2024

    Action Type Old Value New Value
    Removed Translation Title: kernel de Linux Description: En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: corrige la desreferencia de ptr NULL en llcp_sock_getname() después de una conexión fallida. Es posible activar la desreferencia de puntero NULL por parte de un usuario local sin privilegios, al llamar a getsockname() después de un bind() fallido (por ejemplo, el el enlace falla porque LLCP_SAP_MAX se usa como SAP): ERROR: desreferencia del puntero NULL del kernel, dirección: 00000000000000000 CPU: 1 PID: 426 Comm: llcp_sock_getna No contaminado 5.13.0-rc2-next-20210521+ #9 Nombre del hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-1 01/04/2014 Seguimiento de llamadas: llcp_sock_getname+0xb1/0xe0 __sys_getpeername+0x95/0xc0 ? lockdep_hardirqs_on_prepare+0xd5/0x180? syscall_enter_from_user_mode+0x1c/0x40 __x64_sys_getpeername+0x11/0x20 do_syscall_64+0x36/0x70 Entry_SYSCALL_64_after_hwframe+0x44/0xae Esto se puede reproducir con Syzkaller C repro (enlace seguido de getpeername): https://syzkaller.appspot.com/ x/repro.c ?x=14def446e00000
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 15, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect It's possible to trigger NULL pointer dereference by local unprivileged user, when calling getsockname() after failed bind() (e.g. the bind fails because LLCP_SAP_MAX used as SAP): BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 1 PID: 426 Comm: llcp_sock_getna Not tainted 5.13.0-rc2-next-20210521+ #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1 04/01/2014 Call Trace: llcp_sock_getname+0xb1/0xe0 __sys_getpeername+0x95/0xc0 ? lockdep_hardirqs_on_prepare+0xd5/0x180 ? syscall_enter_from_user_mode+0x1c/0x40 __x64_sys_getpeername+0x11/0x20 do_syscall_64+0x36/0x70 entry_SYSCALL_64_after_hwframe+0x44/0xae This can be reproduced with Syzkaller C repro (bind followed by getpeername): https://syzkaller.appspot.com/x/repro.c?x=14def446e00000
    Added Reference kernel.org https://git.kernel.org/stable/c/eb6875d48590d8e564092e831ff07fa384d7e477 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/39c15bd2e5d11bcf7f4c3dba2aad9e1e110a5d94 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/ffff05b9ee5c74c04bba2801c1f99b31975d74d9 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/48ee0db61c8299022ec88c79ad137f290196cac2 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/0c4559736d9a4ec1ca58ba98ca34e7c4da4c422b [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/4ac06a1e013cf5fdd963317ffd3b968560f33bba [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-47115 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-47115 weaknesses.

NONE - Vulnerability Scoring System
: