cnvd - cnvd-2017-00919

cnvd-2017-00919

Vulnerability from cnvd

Title

Oracle WebLogic Server远程安全漏洞

Description

Oracle WebLogic Server是美国甲骨文（Oracle）公司的一款适用于云环境和传统环境的应用服务器，它提供了一个现代轻型开发平台，支持应用从开发到生产的整个生命周期管理，并简化了应用的部署和管理。 Oracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0和12.2.1.1版本存在远程安全漏洞。该漏洞可被'T3'协议利用使'Core Components'子组件受到影响。

Severity

高

Patch Name

Oracle WebLogic Server远程安全漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Reference

http://www.securityfocus.com/bid/95465

Impacted products

Name
['Oracle WebLogic Server 10.3.6.0', 'Oracle WebLogic Server 12.1.3.0', 'Oracle WebLogic Server 12.2.1.0', 'Oracle WebLogic Server 12.2.1.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95465"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3248",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3248"
    }
  },
  "description": "Oracle WebLogic Server\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9002\u7528\u4e8e\u4e91\u73af\u5883\u548c\u4f20\u7edf\u73af\u5883\u7684\u5e94\u7528\u670d\u52a1\u5668\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u73b0\u4ee3\u8f7b\u578b\u5f00\u53d1\u5e73\u53f0\uff0c\u652f\u6301\u5e94\u7528\u4ece\u5f00\u53d1\u5230\u751f\u4ea7\u7684\u6574\u4e2a\u751f\u547d\u5468\u671f\u7ba1\u7406\uff0c\u5e76\u7b80\u5316\u4e86\u5e94\u7528\u7684\u90e8\u7f72\u548c\u7ba1\u7406\u3002\r\n\r\nOracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0\u548c12.2.1.1\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u53ef\u88ab\u0027T3\u0027\u534f\u8bae\u5229\u7528\u4f7f\u0027Core Components\u0027\u5b50\u7ec4\u4ef6\u53d7\u5230\u5f71\u54cd\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00919",
  "openTime": "2017-02-05",
  "patchDescription": "Oracle WebLogic Server\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9002\u7528\u4e8e\u4e91\u73af\u5883\u548c\u4f20\u7edf\u73af\u5883\u7684\u5e94\u7528\u670d\u52a1\u5668\uff0c\u5b83\u63d0\u4f9b\u4e86\u4e00\u4e2a\u73b0\u4ee3\u8f7b\u578b\u5f00\u53d1\u5e73\u53f0\uff0c\u652f\u6301\u5e94\u7528\u4ece\u5f00\u53d1\u5230\u751f\u4ea7\u7684\u6574\u4e2a\u751f\u547d\u5468\u671f\u7ba1\u7406\uff0c\u5e76\u7b80\u5316\u4e86\u5e94\u7528\u7684\u90e8\u7f72\u548c\u7ba1\u7406\u3002\r\n\r\nOracle WebLogic Server 10.3.6.0, 12.1.3.0, 12.2.1.0\u548c12.2.1.1\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u53ef\u88ab\u0027T3\u0027\u534f\u8bae\u5229\u7528\u4f7f\u0027Core Components\u0027\u5b50\u7ec4\u4ef6\u53d7\u5230\u5f71\u54cd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle WebLogic Server\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle WebLogic Server 10.3.6.0",
      "Oracle WebLogic Server 12.1.3.0",
      "Oracle WebLogic Server 12.2.1.0",
      "Oracle WebLogic Server 12.2.1.1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95465",
  "serverity": "\u9ad8",
  "submitTime": "2017-01-20",
  "title": "Oracle WebLogic Server\u8fdc\u7a0b\u5b89\u5168\u6f0f\u6d1e"
}

CVE-2017-3248 (GCVE-0-2017-3248)

Vulnerability from cvelistv5

Published

2017-01-27 22:01

Modified

2025-08-13 14:25

Severity ?

CWE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).

References

URL

Tags

	https://www.exploit-db.com/exploits/44998/	exploit, x_refsource_EXPLOIT-DB
	https://www.tenable.com/security/research/tra-2017-07	x_refsource_MISC
	http://www.securityfocus.com/bid/95465	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037632	vdb-entry, x_refsource_SECTRACK
	http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html	x_refsource_MISC