CVE-2016-0638

CRITICAL

Oracle WebLogic Server - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Messaging Service.

Exploits (3)

nomisec SCANNER 2,072 stars

by 0xn0ne · poc

https://github.com/0xn0ne/weblogicScanner

View Code ZIP pw:eip

nomisec WORKING POC 17 stars

by zhzhdoai · poc

https://github.com/zhzhdoai/Weblogic_Vuln

View Code ZIP pw:eip

nomisec WORKING POC

by BabyTeam1024 · poc

https://github.com/BabyTeam1024/CVE-2016-0638

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035615

[Third Party Advisory] https://www.tenable.com/security/research/tra-2016-09

Scores

CVSS v3 9.8

EPSS 0.7095

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

oracle/weblogic_server 10.3.6.0.0

oracle/weblogic_server 12.1.2.0.0

oracle/weblogic_server 12.1.3.0.0

oracle/weblogic_server 12.2.1.0.0

Published Apr 21, 2016

Tracked Since Feb 18, 2026