Exploitation Summary
EIP tracks 4 public exploits for CVE-2018-3245. PoCs published by allyshka, pyn3rd, jas502n.
AI-analyzed exploit summary: This is a functional exploit for CVE-2018-3245, a deserialization vulnerability in Oracle WebLogic. It leverages JRMP (Java Remote Method Protocol) to achieve remote code execution by bypassing previous patches.
Description
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Exploits (4)
This is a functional exploit for CVE-2018-3245, a deserialization vulnerability in Oracle WebLogic. It leverages JRMP (Java Remote Method Protocol) to achieve remote code execution by bypassing previous patches.
This PoC exploits CVE-2018-3245, a deserialization vulnerability in Oracle WebLogic Server. It uses a custom ysoserial payload to generate a malicious serialized object, which is then sent to the target via a crafted T3 protocol request to achieve remote code execution.
This repository provides a proof-of-concept exploit for CVE-2018-3245, a deserialization vulnerability in Oracle WebLogic Server. It includes a hex-encoded payload for achieving remote code execution (RCE) and obtaining a reverse shell.
This PoC exploits CVE-2018-3245, a deserialization vulnerability in Oracle WebLogic Server. It uses a custom ysoserial payload to generate a malicious serialized object, which is then sent to the target via a crafted T3 protocol request to achieve remote code execution.
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H