CVE-2017-10352

CRITICAL

Oracle WebLogic Server <=12.2.1.3.0 - Unauthenticated DoS & Data Manipulation via HTTP

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-10352. PoCs published by bigsizeme.

AI-analyzed exploit summary This repository contains a Python-based GUI tool for exploiting CVE-2017-10352, a deserialization vulnerability in Oracle WebLogic Server. It includes functional exploit code for command execution and file upload via XMLDecoder manipulation.

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H).

Exploits (1)

nomisec WORKING POC 9 stars

by bigsizeme · poc

https://github.com/bigsizeme/weblogic-XMLDecoder

View Code ZIP pw:eip

This repository contains a Python-based GUI tool for exploiting CVE-2017-10352, a deserialization vulnerability in Oracle WebLogic Server. It includes functional exploit code for command execution and file upload via XMLDecoder manipulation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle WebLogic Server

No auth needed

Prerequisites: Network access to vulnerable WebLogic server · XMLDecoder endpoint exposed

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039608

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102442

Scores

CVSS v3 9.9

EPSS 0.0569

EPSS Percentile 92.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

Status published

Products (10)

oracle/weblogic_server 10.3.6.0.0

oracle/weblogic_server 12.1.3.0.0

oracle/weblogic_server 12.2.1.1.0

oracle/weblogic_server 12.2.1.2.0

oracle/weblogic_server 12.2.1.3.0

Oracle Corporation/WebLogic Server 10.3.6.0.0

Oracle Corporation/WebLogic Server 12.1.3.0.0

Oracle Corporation/WebLogic Server 12.2.1.1.0

Oracle Corporation/WebLogic Server 12.2.1.2.0

Oracle Corporation/WebLogic Server 12.2.1.3.0

Published Oct 19, 2017

Tracked Since Feb 18, 2026