Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3510Oracle Weblogic Server vulnerability

10 documents6 sources
Severity
9.8CRITICALNVD
EPSS
94.0%
top 0.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Weblogic Server
Timeline
PublishedJul 21
Latest updateMay 14

Description

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDoracle/weblogic_server10.3.6.0.0, 12.1.3.0.0, 12.2.1.0.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
GHSA
GHSA-33g3-59w3-q9cj: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 102022-05-14
GHSA
GHSA-88m7-cp4v-hhw3: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 102022-05-14
CVEList
CVE-2016-3510: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 102016-07-21
CVEList
CVE-2016-3586: Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 102016-07-21

💥Exploits & PoCs

2
Metasploit
Oracle Weblogic Server Deserialization RCE - MarshalledObject
Nuclei
Oracle WebLogic Server Java Object Deserialization - Remote Code Execution

🕵️Threat Intelligence

2
Tenable
Hunting for Web Shells2016-12-20
Tenable
Hunting for Web Shells2016-12-20
CVE-2016-3510 — Oracle Weblogic Server vulnerability | cvebase