Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-10271
HistoryOct 19, 2017 - 5:29 p.m.

CVE-2017-10271

2017-10-1917:29:01
[email protected]
web.nvd.nist.gov
11

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.972

Percentile

99.8%

JSON

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Affected configurations

Nvd
Node
oracleweblogic_serverMatch10.3.6.0.0
OR
oracleweblogic_serverMatch12.1.3.0.0
OR
oracleweblogic_serverMatch12.2.1.1.0
OR
oracleweblogic_serverMatch12.2.1.2.0
VendorProductVersionCPE
oracleweblogic_server10.3.6.0.0cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
oracleweblogic_server12.1.3.0.0cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
oracleweblogic_server12.2.1.1.0cpe:2.3:a:oracle:weblogic_server:12.2.1.1.0:*:*:*:*:*:*:*
oracleweblogic_server12.2.1.2.0cpe:2.3:a:oracle:weblogic_server:12.2.1.2.0:*:*:*:*:*:*:*

Related

exploitpack 2
exploitdb 3
nuclei 1
prion 1
hackerone 2
zdt 2
cisa_kev 1
cvelist 1
cve 1
securelist 4
symantec 1
fireeye 6
packetstorm 1
malwarebytes 1
attackerkb 1
metasploit 1
nessus 2
thn 4
threatpost 11
talosblog 4
checkpoint_advisories 1
pentestit 1
seebug 1
githubexploit 3
kitploit 3
openvas 1
cisa 1
qualysblog 2
impervablog 1
oracle 1
exploitpack
exploitpack
Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution
2017-12-26 00:00:00
Oracle WebLogic 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution
2018-01-03 00:00:00
exploitdb
exploitdb
Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)
2018-01-29 00:00:00
Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution
2017-12-26 00:00:00
Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution
2018-01-03 00:00:00
nuclei
nuclei
Oracle WebLogic Server - Remote Command Execution
2021-02-03 00:48:46
prion
prion
Design/Logic Flaw
2017-10-19 17:29:00
hackerone
hackerone
U.S. Dept Of Defense: RCE on โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ via CVE-2017-10271
2019-05-10 22:23:31
MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]
2020-03-04 13:45:59
zdt
zdt
Oracle WebLogic < 10.3.6 - wls-wsat Component Deserialisation Remote Command Execution Exploit
2018-01-08 00:00:00
Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution Exploit
2018-01-29 00:00:00
cisa_kev
cisa_kev
Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
2022-02-10 00:00:00
cvelist
cvelist
CVE-2017-10271
2017-10-19 17:00:00
cve
cve
CVE-2017-10271
2017-10-19 17:29:01
securelist
securelist
Andariel deploys DTrack and Maui ransomware
2022-08-09 10:00:46
APT trends report Q3 2019
2019-10-16 10:00:26
IT threat evolution Q3 2022
2022-11-18 08:00:32
symantec
symantec
Oracle WebLogic Server CVE-2017-10271 Remote Security Vulnerability
2017-10-17 00:00:00
fireeye
fireeye
Malicious PowerShell Detection via Machine Learning
2018-07-10 12:00:00
How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners
2018-07-18 10:00:00
How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners
2018-07-18 14:00:00
packetstorm
packetstorm
Oracle WebLogic wls-wsat Component Deserialization Remote Code Execution
2018-01-28 00:00:00
malwarebytes
malwarebytes
The state of malicious cryptomining
2018-02-26 16:08:03
attackerkb
attackerkb
CVE-2017-10271 - Oracle WebLogic Server AsyncResponseService Deserialization Vulnerability
2017-10-19 00:00:00
metasploit
metasploit
Oracle WebLogic wls-wsat Component Deserialization RCE
2018-01-05 20:05:21
nessus
nessus
Oracle WebLogic WSAT Remote Code Execution
2017-12-28 00:00:00
Oracle WebLogic Server Multiple Vulnerabilities (October 2017 CPU)
2017-10-18 00:00:00
thn
thn
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
2021-02-01 11:15:00
Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners
2018-04-18 09:49:00
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
2024-06-28 11:59:00
threatpost
threatpost
New Threat Actor โ€˜Rockeโ€™: A Rising Monero Cryptomining Menace
2018-08-30 20:35:39
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
2019-05-06 20:04:55
Muhstik Botnet Exploits Highly Critical Drupal Bug
2018-04-23 22:13:25
talosblog
talosblog
Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
2018-01-31 07:58:00
Rocke: The Champion of Monero Miners
2018-08-30 08:26:00
Cryptocurrency miners arenโ€™t dead yet: Documenting the voracious but simple โ€œPandaโ€
2019-09-17 08:09:45
checkpoint_advisories
checkpoint_advisories
Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271; CVE-2017-3506)
2017-12-27 00:00:00
pentestit
pentestit
UPDATE: Infection Monkey 1.6.1
2018-12-03 22:28:53
seebug
seebug
Oracle WebLogic wls-wsat RCE(CVE-2017-10271)
2017-12-22 00:00:00
githubexploit
githubexploit
Exploit for Injection in Oracle Weblogic Server
2019-08-23 01:42:57
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15
kitploit
kitploit
Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
2019-05-12 13:09:00
Jok3R - Network And Web Pentest Framework
2019-01-23 12:25:00
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
openvas
openvas
Oracle WebLogic Server Multiple Vulnerabilities (cpujul2017-3236622)
2017-07-19 00:00:00
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00
qualysblog
qualysblog
Top 19+ Vulnerability CVEs in Santaโ€™s Dashboard Tracking
2019-12-27 18:01:22
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.972

Percentile

99.8%

JSON
Related for NVD:CVE-2017-10271
exploitpack2exploitdb3nuclei1prion1hackerone2zdt2cisa_kev1cvelist1cve1securelist4symantec1fireeye6packetstorm1malwarebytes1attackerkb1metasploit1nessus2thn4threatpost11talosblog4checkpoint_advisories1pentestit1seebug1githubexploit3kitploit3openvas1cisa1qualysblog2impervablog1oracle1