CVE-2017-10271

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
oracleCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
oracleweblogic_server
10.3.6.0.0
oracleweblogic_server
12.1.3.0.0
oracleweblogic_server
12.2.1.1.0
oracleweblogic_server
12.2.1.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/101304
http://www.securitytracker.com/id/1039608
https://github.com/c0mmand3rOpSec/CVE-2017-10271
https://www.exploit-db.com/exploits/43458/
https://www.exploit-db.com/exploits/43924/
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.securityfocus.com/bid/101304
http://www.securitytracker.com/id/1039608
https://github.com/c0mmand3rOpSec/CVE-2017-10271
https://www.exploit-db.com/exploits/43458/
https://www.exploit-db.com/exploits/43924/