⚠ Actively exploited
Added to CISA KEV on 2024-06-03. Federal agencies required to patch by 2024-06-24. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2017-3506OS Command Injection in Corporation Weblogic Server

CWE-78OS Command Injection30 documents13 sources
Severity
7.4HIGHNVD
EPSS
94.4%
top 0.03%
CISA KEV
KEV
Added 2024-06-03
Due 2024-06-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Oracle Corporation Weblogic ServerOracle Weblogic Server
Timeline
PublishedApr 24
KEV addedJun 3
KEV dueJun 24
Latest updateSep 22
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server acc

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

NVDoracle/weblogic_server5 versions+4
CVEListV5oracle_corporation/weblogic_server5 versions+4

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-2f3c-chf6-54v5: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services)2022-05-13
CVEList
CVE-2017-3506: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services)2017-04-24
VulnCheck
Oracle WebLogic Server OS Command Injection Vulnerability2017

💥Exploits & PoCs

1
Nuclei
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Oracle WebLogic Server OS Command Injection Attempt Inbound (CVE-2017-3506)2023-09-26

📋Vendor Advisories

1
CISA
Oracle WebLogic Server OS Command Injection Vulnerability2024-06-03

🕵️Threat Intelligence

20
Greynoiseio
Coordinated Cloud-Based Scanning Operation Targets 75 Known Exposure Points in One Day2025-05-27
Trendmicro
Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer2024-06-28
Trendmicro
Decoding Water Sigbin's Latest Obfuscation Tricks2024-05-30
Trendmicro
8220 Gang Evolves With New Strategies2023-05-16
Trendmicro
8220 Gang Evolves With New Strategies2023-05-16

📄Research Papers

2
arXiv
AEAS: Actionable Exploit Assessment System2025-09-22
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights2024-07-31

💬Community

1
HackerOne
Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-3506]2021-04-25
CVE-2017-3506 — OS Command Injection | cvebase