CVE-2018-3252

CRITICAL

Oracle WebLogic Server <12.2.1.3 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-3252. PoCs published by pyn3rd, go-spider, jas502n.

AI-analyzed exploit summary This PoC exploits CVE-2018-3252, a deserialization vulnerability in Oracle WebLogic Server. It generates a malicious serialized object using ysoserial and sends it via a POST request to trigger remote code execution (RCE).

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (3)

nomisec WORKING POC 74 stars
by pyn3rd · poc
https://github.com/pyn3rd/CVE-2018-3252

This PoC exploits CVE-2018-3252, a deserialization vulnerability in Oracle WebLogic Server. It generates a malicious serialized object using ysoserial and sends it via a POST request to trigger remote code execution (RCE).

Classification
Working Poc 95%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Oracle WebLogic Server
Auth required
Prerequisites: Valid WebLogic credentials · Access to the deployment service endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 18 stars
by go-spider · poc
https://github.com/go-spider/CVE-2018-3252

This repository contains a proof-of-concept exploit for CVE-2018-3252, a deserialization vulnerability in Oracle WebLogic Server. The exploit leverages ysoserial to generate a malicious payload and demonstrates how to exploit the vulnerability to achieve remote code execution.

Classification
Working Poc 90%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Oracle WebLogic Server
No auth needed
Prerequisites: Access to a vulnerable WebLogic Server instance · Java environment to compile and run the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB 8 stars
by jas502n · poc
https://github.com/jas502n/CVE-2018-3252

The repository contains only a README.md file with minimal information about CVE-2018-3252, lacking any exploit code or technical details. It appears to be a placeholder or stub.

Classification
Stub 10%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Oracle WebLogic Server
No auth needed
Prerequisites: none
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105613
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041896
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-24

Scores

CVSS v3 9.8
EPSS 0.2780
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

Status published
Products (3)
oracle/weblogic_server 10.3.6.0.0
oracle/weblogic_server 12.1.3.0.0
oracle/weblogic_server 12.2.1.3.0
Published Oct 17, 2018
Tracked Since Feb 18, 2026