⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions. Due date: 2022-08-10.

CVE-2017-10271

CVSS 7.5 (HIGH)
EPSS: 94.4% (100th)
CISA KEV | Public Exploit | Exploited in Wild | Ransomware Use
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: oracle/weblogic_server | 4 versions | +3
CVEListV5: oracle_corporation/weblogic_server | 4 versions | +3
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N

🔴 Vulnerability Details (3)

GHSA: GHSA-h7p4-68h5-84f3: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security) (2022-05-13)
CVEList: CVE-2017-10271: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security) (2017-10-19)
VulnCheck: Oracle Corporation WebLogic Server Remote Code Execution Vulnerability (2017)

💥 Exploits & PoCs (4)

Exploit-DB: Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit) (2018-01-29)
Exploit-DB: Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution (2018-01-03)
Exploit-DB: Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution (2017-12-26)
Nuclei: Oracle WebLogic Server - Remote Command Execution

🔍 Detection Rules (1)

Suricata: ET COINMINER CoinMiner Malicious Authline Seen After CVE-2017-10271 Exploit (2018-01-04)

📋 Vendor Advisories (1)

CISA: Oracle Corporation WebLogic Server Remote Code Execution Vulnerability (2022-02-10)

🕵️ Threat Intelligence (5)

Trendmicro: Cryptominers Target Patched 2017 Oracle WebLogic Bug (2018-05-11)

💬 Community (2)

HackerOne: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271] (2021-04-25)
HackerOne: RCE on █████ via CVE-2017-10271 (2019-07-01)