Описание
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-3248
- https://www.exploit-db.com/exploits/44998
- https://www.tenable.com/security/research/tra-2017-07
- https://www.vicarius.io/vsociety/posts/cve-2017-3248-detect-centos-weblogic-rce
- https://www.vicarius.io/vsociety/posts/cve-2017-3248-mitigate-centos-weblogic-rce
- http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
- http://www.securityfocus.com/bid/95465
- http://www.securitytracker.com/id/1037632
Связанные уязвимости
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
Уязвимость компонента Core Components программной платформы Oracle Fusion Middleware позволяющая нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации