Oracle WebLogic Server 10.3.6.0 Takeover Remote Code Execution Vulnerability

Summary

Oracle WebLogic Server is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Credit:

The information has been provided by Craig Blackie.
The original article can be found at: http://www.securityfocus.com/bid/95465


Details

Vulnerable Systems:
 * Oracle WebLogic Server 10.3.6.0
 * Oracle WebLogic Server 12.1.3.0
 * Oracle WebLogic Server 12.2.1.0
 * Oracle WebLogic Server 12.2.1.1

The vulnerability is in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. It is easily exploitable and allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).

CVE Information:
CVE-2017-3248

Disclosure Timeline:
Publish Date: 2017-01-27
Last Update Date: 2017-01-31
