ID CVE-2017-3248
Summary Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
References
Vulnerable Configurations
  • Oracle Weblogic Server 10.3.6.0.0
    cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0
  • Oracle Weblogic Server 12.1.3.0.0
    cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0
  • Oracle Weblogic Server 12.2.1.0.0
    cpe:2.3:a:oracle:weblogic_server:12.2.1.0.0
  • Oracle Weblogic Server 12.2.1.1.0
    cpe:2.3:a:oracle:weblogic_server:12.2.1.1.0
CVSS
Base: 7.5 (as of 30-01-2017 - 23:04)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution. CVE-2017-3248. Webapps exploit for Multiple platform
file exploits/multiple/webapps/44998.py
id EDB-ID:44998
last seen 2018-07-10
modified 2018-07-07
platform multiple
port
published 2018-07-07
reporter Exploit-DB
source https://www.exploit-db.com/download/44998/
title Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
type webapps
nessus via4
  • NASL family Web Servers
    NASL id WEBLOGIC_2017_3248.NASL
    description The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects by the RMI registry. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of the WebLogic server.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 96803
    published 2017-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96803
    title Oracle WebLogic Java Object RMI Connect-Back Deserialization RCE (January 2017 CPU)
  • NASL family Misc.
    NASL id ORACLE_WEBLOGIC_SERVER_CPU_JAN_2017.NASL
    description The version of Oracle WebLogic Server installed on the remote host is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects by the RMI registry. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of the WebLogic server.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 96610
    published 2017-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96610
    title Oracle WebLogic Server Java Object RMI Connect-Back Deserialization RCE (January 2017 CPU)
packetstorm via4
data source https://packetstormsecurity.com/files/download/148460/oraclewl12120-exec.txt
id PACKETSTORM:148460
last seen 2018-07-11
published 2018-07-09
reporter bobsecq
source https://packetstormsecurity.com/files/148460/Oracle-WebLogic-12.1.2.0-Remote-Code-Execution.html
title Oracle WebLogic 12.1.2.0 Remote Code Execution
refmap via4
bid 95465
confirm http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
exploit-db 44998
misc
sectrack 1037632
Last major update 31-01-2017 - 11:43
Published 27-01-2017 - 17:59
Last modified 02-04-2019 - 13:29
Back to Top