CVE-2016-3510

CRITICAL NUCLEI

Oracle WebLogic Server - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.

Exploits (3)

github WORKING POC 6 stars

by Y5neKO · pythonpoc

https://github.com/Y5neKO/ExpAndPoc_Collection/tree/main/CVE-2016-3510

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by BabyTeam1024 · poc

https://github.com/BabyTeam1024/CVE-2016-3510

View Code ZIP pw:eip

metasploit WORKING POC MANUAL

by Andres Rodriguez · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Oracle WebLogic Server Java Object Deserialization - Remote Code Execution

CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: product:"oracle weblogic" || http.title:"oracle peoplesoft sign-in"

FOFA: title="oracle peoplesoft sign-in"

References (5)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91787

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036373

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/152324/Oracle-Weblogic-Server-Deserialization-MarshalledObject-Remote-Code-Execution.html

[Third Party Advisory] https://www.tenable.com/security/research/tra-2016-21

Scores

CVSS v3 9.8

EPSS 0.9401

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (3)

oracle/weblogic_server 10.3.6.0.0

oracle/weblogic_server 12.1.3.0.0

oracle/weblogic_server 12.2.1.0.0

Published Jul 21, 2016

Tracked Since Feb 18, 2026