Exploitation Summary
EIP tracks 5 public exploits for CVE-2017-3248.
PoCs published by bobsecq, 0xn0ne, BabyTeam1024, including Metasploit module exploits/multi/misc/weblogic_deserialize_unicastref.
AI-analyzed exploit summary
This exploit leverages Java deserialization in Oracle WebLogic's RMI Registry (CVE-2017-3248) to achieve remote code execution. It uses ysoserial to generate a malicious JRMPClient payload and sends it to the target server.
Description
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
Exploits (5)
This exploit leverages Java deserialization in Oracle WebLogic's RMI Registry (CVE-2017-3248) to achieve remote code execution. It uses ysoserial to generate a malicious JRMPClient payload and sends it to the target server.
This repository contains a WebLogic vulnerability scanner that checks for multiple CVEs, including CVE-2018-2628. It is a Python-based tool designed to detect vulnerabilities in Oracle WebLogic Server by sending crafted requests and analyzing responses.
This repository contains a functional exploit for CVE-2017-3248, a deserialization vulnerability in Oracle WebLogic Server. The PoC includes code to execute commands, upload files, and establish a reverse shell via RMI.
This Metasploit module exploits a deserialization vulnerability in Oracle WebLogic Server (CVE-2017-3248) via RMI UnicastRef to achieve remote code execution. It crafts a malicious serialized object to trigger payload execution on vulnerable targets.
References (8)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H