Pwnie Awards 2017

2020 Nomination for Most Epic FAIL

Oracle WebLogic Server c/o Oracle

Having path traversal issues that allow pre-auth code execution in your enterprise application platform is quite embarrassing already, especially when attackers find out about the flaw earlier than you do. No wonder Oracle rushed to provide a fix for WebLogic’s actively exploited CVE-2020-14883, only to be reminded by the people of the Internet that the sloppy filter list can be bypassed by changing the case of the payload.