Lucene search
Tenable Network Security - Jacob BainesZDI-17-055HistoryJan 24, 2017 - 12:00 a.m.
Oracle WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data Remote Code Execution Vulnerability
2017-01-2400:00:00
Tenable Network Security - Jacob Baines
www.zerodayinitiative.com
155
0.971 High
EPSS
Percentile
99.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java objects. The issue lies in the failure to properly validate user-supplied data which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
Related
checkpoint_advisories
checkpoint_advisories
Oracle WebLogic Server UnicastRef Insecure Deserialization (CVE-2017-3248)
2017-03-29 00:00:00
nvd
nvd
CVE-2017-3248
2017-01-27 22:59:02
cve
cve
CVE-2017-3248
2017-01-27 22:59:02
packetstorm
packetstorm
Oracle WebLogic 12.1.2.0 Remote Code Execution
2018-07-09 00:00:00
Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution
2019-04-02 00:00:00
cvelist
cvelist
CVE-2017-3248
2017-01-27 22:01:00
exploitpack
exploitpack
nessus
nessus
zdt
zdt
prion
prion
Design/Logic Flaw
2017-01-27 22:59:00
exploitdb
exploitdb
seebug
seebug
Oracle WebLogic wls-wsat RCE(CVE-2017-10271)
2017-12-22 00:00:00
openvas
openvas
Oracle WebLogic Server Remote Code Execution Vulnerability (Nov 2016)
2016-11-02 00:00:00
fireeye
fireeye
Click It Up: Targeting Local Government Payment Portals
2018-09-19 10:00:00
kitploit
kitploit
Jok3R - Network And Web Pentest Framework
2019-01-23 12:25:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2017
2017-01-17 00:00:00