10
CVSSv2

CVE-2016-3510

Published: 21/07/2016 Updated: 01/04/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 896
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote malicious users to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.

Vulnerability Trend

Affected Products

Vendor Product Versions
OracleWeblogic Server10.3.6.0.0, 12.1.3.0.0, 12.2.1.0.0

Vendor Advisories

Oracle Critical Patch Update Advisory - July 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...

Github Repositories

Java Deserialization Exploits A collection of curated Java Deserialization Exploits Currently this repo contains exploits for the following vulnerabilities: Cisco Prime Infrastructure Java Deserialization RCE (CVE-2016-1291) IBM WebSphere Java Object Deserialization RCE (CVE-2015-7450) OpenNMS Java Object Deserialization RCE (No CVE ?) Jenkins CLI RMI Java Deserialization RCE

weblogic_httppy--CVE-2014-4210,CVE-2017-3506,CVE-2017-10271,CVE-2019-2725 weblogic_t3py--CVE-2016-0638,CVE-2016-3510,CVE-2017-3248,CVE-2018-2628,CVE-2018-2893

软件作者:Tide_RabbitMask 免责声明:Pia!(o ‵-′)ノ”(ノ﹏<。) 本工具仅用于安全测试,请勿用于非法使用,要乖哦~ V22简介: 提供weblogic批量检测功能,收录几乎全部weblogic历史漏洞。 【没有遇到过weblogic批量检测工具的小朋友举起你的爪爪!】 PS: 综上:V2*系列不是V1*

WeblogicScan Weblogic一键漏洞检测工具,V13 软件作者:Tide_RabbitMask 免责声明:Pia!(o ‵-′)ノ”(ノ﹏<。) 本工具仅用于安全测试,请勿用于非法使用,要乖哦~ V 13功能介绍: 提供一键poc检测,收录几乎全部weblogic历史漏洞。 详情如下: #控制台路径泄露 Console #SSR

Java Deserialization Exploits A collection of curated Java Deserialization Exploits Currently this repo contains exploits for the following vulnerabilities: Cisco Prime Infrastructure Java Deserialization RCE (CVE-2016-1291) IBM WebSphere Java Object Deserialization RCE (CVE-2015-7450) OpenNMS Java Object Deserialization RCE (No CVE ?) Jenkins CLI RMI Java Deserialization RCE

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability d

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability d

软件作者:Tide_RabbitMask 免责声明:Pia!(o ‵-′)ノ”(ノ﹏<。) 本工具仅用于安全测试,请勿用于非法使用,要乖哦~ V22简介: 提供weblogic批量检测功能,收录几乎全部weblogic历史漏洞。 【没有遇到过weblogic批量检测工具的小朋友举起你的爪爪!】 PS: 综上:V2*系列不是V1*

Java Deserialization Exploits A collection of curated Java Deserialization Exploits Currently this repo contains exploits for the following vulnerabilities: Cisco Prime Infrastructure Java Deserialization RCE (CVE-2016-1291) IBM WebSphere Java Object Deserialization RCE (CVE-2015-7450) OpenNMS Java Object Deserialization RCE (No CVE ?) Jenkins CLI RMI Java Deserialization RCE

weblogic-deserialization CVE-2015-4852 CVE-2016-0638 CVE-2016-3510 CVE-2017-3248 CVE-2018-2628 CVE-2018-2893 CVE-2018-3191 CVE-2018-3245

WeblogicScan Weblogic一键漏洞检测工具,V13 软件作者:Tide_RabbitMask 免责声明:Pia!(o ‵-′)ノ”(ノ﹏<。) 本工具仅用于安全测试,请勿用于非法使用,要乖哦~ V 13功能介绍: 提供一键poc检测,收录几乎全部weblogic历史漏洞。 详情如下: #控制台路径泄露 Console #SSR

WeblogicScan Weblogic一键漏洞检测工具,V13 软件作者:Tide_RabbitMask 免责声明:Pia!(o ‵-′)ノ”(ノ﹏<。) 本工具仅用于安全测试,请勿用于非法使用,要乖哦~ V 13功能介绍: 提供一键poc检测,收录几乎全部weblogic历史漏洞。 详情如下: #控制台路径泄露 Console #SSR

Java Deserialization Exploits A collection of curated Java Deserialization Exploits Currently this repo contains exploits for the following vulnerabilities: Cisco Prime Infrastructure Java Deserialization RCE (CVE-2016-1291) IBM WebSphere Java Object Deserialization RCE (CVE-2015-7450) OpenNMS Java Object Deserialization RCE (No CVE ?) Jenkins CLI RMI Java Deserialization RCE

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability d

WeblogicScan 增强版WeblogicScan 从rabbitmask大佬的WeblogicScan V12 版本修改而来。 修改前源项目地址:githubcom/rabbitmask/WeblogicScan DEFF 支持Python3 修复漏洞检测误报,漏洞检测结果更精确 添加CVE-2019-2729, CVE-2019-2618漏洞检测 插件化漏洞扫描组件 添加彩色打印 INSTALL pip3 install -r requirementstxt

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains: READMEmd - vulnerability description and how to exploit it Intruders - a set of files to give to Burp Intrude

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains: READMEmd - vulnerability description and how to exploit it Intruders - a set of files to give to Burp Intrude

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I pull requests :) You can also contribute with a IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability description an

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability d

some_pocsuite 本项目是用于企业内部进行漏洞排查与验证的的pocsuite验证POC代码(Pocsuite是知道创宇安全团队的开源漏洞测试框架);参考了网上的开源代码并进行了修改。 插件代码编写 使用Pocsuite 漏洞测试框架,插件编写请参考 Pocsuite 项目插件编写要求;陆续扩充中 PoC 编写规范及要求

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I pull requests :) You can also contribute with a IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability description an

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I pull requests :) You can also contribute with a IRL Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability description and how to exploit it Intrud

Payloads All The Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability descriptio

Payloads_All_The_Things A list of useful payloads and bypasses for Web Application Security Feel free to improve with your payloads and techniques ! I <3 pull requests :) You can also contribute with a beer IRL or with buymeacoffeecom Every section contains the following files, you can use the _template_vuln folder to create a new chapter: READMEmd - vulnerability d

Jok3r v3 beta Network & Web Pentest Automation Framework wwwjok3r-frameworkcomWARNING: Project is still in version 3 BETA It is still under active development and bugs might be present Many tests are going on: see githubcom/koutto/jok3r/blob/master/tests/TESTSrst Ideas, bug reports, contributions are welcome ! Overview Features Demos Architecture