johndekroon / serializekiller

Mass scanner for the Java serialize bug
The Unlicense

Weblogic: question #5

Open aneeshos opened 8 years ago

aneeshos commented 8 years ago

I applied the security patch for this vulnerability. When I checked the Weblogic part of the script, it is just checking the t3 port and getting a response. How does that mean the server is vulnerable?

johndekroon commented 7 years ago

You're correct, but there is no reliable way to confirm whether Weblogic is patched or not (well, we could run the exploit, but hey, let's not do that :) ). At the time I wrote this script (a few hours after the exploits became public), finding a Weblogic server meant finding a vulnerable Weblogic server.