CVE-2010-2375

Oracle Fusion Middleware - Confidentiality Integrity

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2375. PoCs published by Timothy D. Morgan.

AI-analyzed exploit summary The exploit demonstrates a HTTP request smuggling vulnerability in Oracle WebLogic Server by injecting malicious headers and secondary requests. It leverages improper handling of HTTP request parsing to bypass security controls.

Description

Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Timothy D. Morgan · textremotemultiple
https://www.exploit-db.com/exploits/34312

The exploit demonstrates a HTTP request smuggling vulnerability in Oracle WebLogic Server by injecting malicious headers and secondary requests. It leverages improper handling of HTTP request parsing to bypass security controls.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Oracle WebLogic Server (7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, 10.3.3)
No auth needed
Prerequisites: Network access to the target WebLogic Server · Plugins for Apache, Sun, or IIS web servers enabled
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

EPSS 0.0651
EPSS Percentile 93.0%

Details

Status published
Products (8)
bea/weblogic_server 7.0 sp7
bea/weblogic_server 8.1 sp6
bea/weblogic_server 9.0
bea/weblogic_server 9.1
bea/weblogic_server 9.2 mp3
bea_systems/weblogic_server 10.0 mp2
oracle/weblogic_server 10.3.2.0.0
oracle/weblogic_server 10.3.3.0.0
Published Jul 13, 2010
Tracked Since Feb 18, 2026