Oracle WebLogic Server vulnerabilities
309 known vulnerabilities affecting oracle/weblogic_server.
Total CVEs: 309
CISA KEV: 16 (actively exploited)
Public exploits: 33
Exploited in wild: 22
Severity breakdown
CRITICAL 81, HIGH 94, MEDIUM 130, LOW 4
Vulnerabilities
Page 14 of 16
CVE-2015-9251 [MEDIUM] | CVSS 6.1 | CWE-79 | v12.1.3.0, v12.2.1.3 | 2018-01-18
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
nvd
CVE-2017-15707 [MEDIUM] | CVSS 6.2 | CWE-20 | v12.2.1.2, v12.2.1.3 | 2017-12-01
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload.
nvd
CVE-2016-8610 [HIGH] | CVSS 7.5 | CWE-400 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-11-13
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
nvd
CVE-2017-10352 [CRITICAL] | CVSS 9.9 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2017-10-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. W
nvd
CVE-2017-10271 [HIGH] | CVSS 7.5 | KEV | PoC | CWE-306 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-10-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks
nvd
CVE-2017-10152 [MEDIUM] | CVSS 6.5 | CWE-200 | v10.3.6.0.0, v12.1.3.0.0 | 2017-10-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerabilit
nvd
CVE-2017-10336 [MEDIUM] | CVSS 5.3 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-10-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of
nvd
CVE-2017-10334 [MEDIUM] | CVSS 4.3 | CWE-200 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-10-19
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful atta
nvd
CVE-2017-10137 [CRITICAL] | CVSS 10.0 | v10.3.6.0.0, v12.1.3.0.0 | 2017-08-08
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, att
nvd
CVE-2017-10147 [HIGH] | CVSS 8.6 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-08-08
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Or
nvd
CVE-2017-10178 [MEDIUM] | CVSS 6.1 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-08-08
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require hum
nvd
CVE-2017-10123 [MEDIUM] | CVSS 4.3 | v12.1.3.0.0 | 2017-08-08
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthor
nvd
CVE-2017-10063 [MEDIUM] | CVSS 4.8 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-08-08
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vu
nvd
CVE-2017-10148 [MEDIUM] | CVSS 5.8 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-08-08
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in
nvd
CVE-2017-3531 [HIGH] | CVSS 7.2 | v12.1.3.0.0, v12.2.1.0.0 +2 more | 2017-04-24
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Runtime). Supported versions that are affected are 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in
nvd
CVE-2017-3506 [HIGH] | CVSS 7.4 | KEV | PoC | CWE-78 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2017-04-24
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attac
nvd
CVE-2017-5645 [CRITICAL] | CVSS 9.8 | PoC | CWE-502 | v10.3.6.0.0, v12.1.3.0.0 +3 more | 2017-04-17
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
nvd
CVE-2016-7103 [MEDIUM] | CVSS 6.1 | CWE-79 | v10.3.6.0.0, v12.1.3.0.0 +1 more | 2017-03-15
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
nvd
CVE-2017-5638 [CRITICAL] | CVSS 9.8 | KEV | PoC | CWE-755 | v10.3.6.0.0, v12.1.3.0.0 +2 more | 2017-03-11
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild i
nvd
CVE-2017-3248 [CRITICAL] | CVSS 9.8 | PoC | v10.3.6.0.0, v12.1.3.0.0 +6 more | 2017-01-27
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vul
nvd