Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2375 — Weblogic Server vulnerability

4 documents4 sources

Severity

6.4MEDIUMNVD

EPSS

16.2%

top 5.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

BEA Weblogic Server BEA Systems Weblogic Server Oracle Weblogic Server

Timeline

PublishedJul 13

Latest updateMay 14

Description

Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶NVDoracle/weblogic_server10.3.2.0.0, 10.3.3.0.0+1

▶NVDbea/weblogic_server5 versions+4

▶NVDbea_systems/weblogic_server10.0

🔴Vulnerability Details

GHSA

GHSA-m2g8-vmgj-6gxf: Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware↗2022-05-14

▶

CVEList

CVE-2010-2375: Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware↗2010-07-13

▶

💥Exploits & PoCs

Exploit-DB

Oracle WebLogic Server 10.3.3 - Encoded URL↗2010-07-13

▶