CVE-2018-3191

CRITICAL

Oracle WebLogic Server <12.2.1.3 - RCE

Title source: llm

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (7)

nomisec WORKING POC 68 stars

by jas502n · poc

https://github.com/jas502n/CVE-2018-3191

View Code ZIP pw:eip

nomisec WORKING POC 63 stars

by Libraggbond · poc

https://github.com/Libraggbond/CVE-2018-3191

View Code ZIP pw:eip

nomisec WORKING POC 17 stars

by mackleadmire · poc

https://github.com/mackleadmire/CVE-2018-3191-Rce-Exploit

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by m00zh33 · poc

https://github.com/m00zh33/CVE-2018-3191

View Code ZIP pw:eip

nomisec WORKING POC

by arongmh · poc

https://github.com/arongmh/CVE-2018-3191

View Code ZIP pw:eip

inthewild

poc

https://github.com/voidfyoo/cve-2018-3191

View on inthewild

inthewild

poc

https://github.com/pyn3rd/cve-2018-3191

View on inthewild

References (3)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105613

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041896

Scores

CVSS v3 9.8

EPSS 0.9066

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (3)

oracle/weblogic_server 10.3.6.0.0

oracle/weblogic_server 12.1.3.0.0

oracle/weblogic_server 12.2.1.3.0

Published Oct 17, 2018

Tracked Since Feb 18, 2026