Oracle Weblogic Server takeover Remote Code Execution Vulnerability


Oracle Weblogic Server is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition


The information has been provided by Craig Blackie.
The original article can be found at:


Vulnerable Systems:
 * Oracle Weblogic Server
 * Oracle Weblogic Server
 * Oracle Weblogic Server
 * Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are,, and Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).

CVE Information:

Disclosure Timeline:
Publish Date : 2017-01-27
Last Update Date : 2017-01-31

Categories: News