CVE-2017-3248

CRITICAL

Oracle WebLogic Server <12.2.1.1 - RCE


Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).

Exploits (5)

exploitdb · WORKING POC
by bobsecq · python · webapps · multiple
https://www.exploit-db.com/exploits/44998

nomisec · SCANNER · 2,072 stars
by 0xn0ne · poc
https://github.com/0xn0ne/weblogicScanner

nomisec · WORKING POC
by BabyTeam1024 · poc
https://github.com/BabyTeam1024/CVE-2017-3248

nomisec · NO CODE
by ianxtianxt · poc
https://github.com/ianxtianxt/CVE-2017-3248

metasploit · WORKING POC · EXCELLENT
by Andres Rodriguez · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb

Scores

CVSS v3: 9.8
EPSS: 0.9119
EPSS Percentile: 99.7%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status: published

Products (8)
Oracle/WebLogic Server 10.3.6.0
Oracle/WebLogic Server 12.1.3.0
Oracle/WebLogic Server 12.2.1.0
Oracle/WebLogic Server 12.2.1.1
oracle/weblogic_server 10.3.6.0.0
oracle/weblogic_server 12.1.3.0.0
oracle/weblogic_server 12.2.1.0.0
oracle/weblogic_server 12.2.1.1.0

Published: Jan 27, 2017
Tracked Since: Feb 18, 2026