ID CVE-2016-3510
Summary Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
References
Vulnerable Configurations
  • Oracle Weblogic Server 10.3.6.0.0
    cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0
  • Oracle Weblogic Server 12.1.3.0.0
    cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0
  • Oracle Weblogic Server 12.2.1.0.0
    cpe:2.3:a:oracle:weblogic_server:12.2.1.0.0
CVSS
Base: 10.0 (as of 12-08-2016 - 10:33)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family Web Servers
    NASL id WEBLOGIC_2016_3510.NASL
    description The remote Oracle WebLogic Server is affected by a remote code execution vulnerability in the WLS Core component in the readObject() function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted object payload, to bypass the ClassFilter.class blacklist and execute arbitrary Java code in the context of the WebLogic server.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 92606
    published 2016-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92606
    title Oracle WebLogic Server Java Object Deserialization RCE (July 2016 CPU)
  • NASL family Misc.
    NASL id ORACLE_WEBLOGIC_SERVER_CPU_JUL_2016.NASL
    description The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities:
      - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3445)
      - An unspecified flaw exists in the Web Container subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3499)
      - A remote code execution vulnerability exists in the WLS Core component due to unsafe deserialize calls to the weblogic.corba.utils.MarshallObject object. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code. (CVE-2016-3510)
      - An unspecified flaw exists in the WLS Core component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3586)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 92460
    published 2016-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92460
    title Oracle WebLogic Server Multiple Vulnerabilities (July 2016 CPU)
refmap via4
bid 91787
confirm http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
misc
sectrack 1036373
Last major update 23-12-2016 - 21:59
Published 21-07-2016 - 06:13
Last modified 01-04-2019 - 19:29