Published: 21/07/2016 Updated: 01/04/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 891

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote malicious users to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle weblogic server 12.1.3.0.0
oracle weblogic server 12.2.1.0.0
oracle weblogic server 10.3.6.0.0

exploit for T3 rce （CVE 2015-4852 \CVE 2016-0638 \CVE 2016-3510）

weblogic t3 漏洞利用相关java脚本用图：和python直接配合ysoserial的poc相比复杂很多，但是此项目的主要目的是学习java内部构造相关t3结构的过程，以及后续结合相关源码测试相关回显思路。 first commit: 支持（CVE 2015-4852 \CVE 2016-0638 \CVE 2016-3510）

CVE-2015-4852、CVE-2016-0638、CVE-2016-3510、CVE-2019-2890漏洞POC

Preface 文章详细分析了Weblogic历史从CVE-2015至CVE-2019相关历史漏洞，并整理相关POC于[Weblogic_Vuln](githubcom/zhzhdoai/Weblogic_Vulngit)记录学习Java反序列化漏洞的心得笔记欢迎start、issue Weblogic_Vuln CVE-2015-4852、CVE-2016-0638、CVE-2016-3510、CVE-2019-2890漏洞POC持续跟新

CVE-2016-3510

NVD-CWE-noinfo http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 https://www.tenable.com/security/research/tra-2016-21 http://www.securitytracker.com/id/1036373 http://packetstormsecurity.com/files/152324/Oracle-Weblogic-Server-Deserialization-MarshalledObject-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/minhangxiaohui/Weblogic_direct_T3_Rces

CVE-2016-3510

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect