Back to KEVs

CVE-2017-10271

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are...

Basic Information

CVE State
PUBLISHED
Reserved Date
June 21, 2017
Published Date
October 19, 2017
Last Updated
October 04, 2024
Vendor
Oracle Corporation
Product
WebLogic Server
Description
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS Scores

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2022-02-10 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2018-07-06 08:32:28 UTC) Source
Used in Malware
Yes (added 2022-02-10 00:00:00 UTC) Source

References

https://www.exploit-db.com/exploits/43458/ http://www.securitytracker.com/id/1039608 http://www.securityfocus.com/bid/101304 https://github.com/c0mmand3rOpSec/CVE-2017-10271 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://www.exploit-db.com/exploits/43924/

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-02-10 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/oracle_weblogic_wsat_deserialization_rce.rb 2025-04-29 11:01:22 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-10271.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

oracle_weblogic_wsat_deserialization_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2017-10271

Al1ex/CVE-2017-10271

Type: github • Created: 2020-11-18 02:31:18 UTC • Stars: 2

CVE-2017-10271

testwc/CVE-2017-10271

Type: github • Created: 2020-04-06 02:01:20 UTC • Stars: 0

CVE-2017-10271

ianxtianxt/-CVE-2017-10271-

Type: github • Created: 2019-11-05 13:33:56 UTC • Stars: 2

(CVE-2017-10271)Java反序列化漏洞

XHSecurity/Oracle-WebLogic-CVE-2017-10271

Type: github • Created: 2019-03-15 01:50:01 UTC • Stars: 1

原创作者:[email protected]

r4b3rt/CVE-2017-10271

Type: github • Created: 2018-12-20 03:17:51 UTC • Stars: 0

Weblogic(CVE-2017-10271)

lonehand/Oracle-WebLogic-CVE-2017-10271-master

Type: github • Created: 2018-07-06 08:32:28 UTC • Stars: 1

peterpeter228/Oracle-WebLogic-CVE-2017-10271

Type: github • Created: 2018-01-19 15:50:08 UTC • Stars: 0

WebLogic wls-wsat RCE CVE-2017-10271

pssss/CVE-2017-10271

Type: github • Created: 2018-01-16 03:10:48 UTC • Stars: 5

CVE-2017-10271 Weblogic 漏洞验证Poc及补丁

kkirsche/CVE-2017-10271

Type: github • Created: 2018-01-05 21:57:03 UTC • Stars: 126

Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271)

Luffin/CVE-2017-10271

Type: github • Created: 2017-12-28 07:19:13 UTC • Stars: 29

CVE-2017-10271 POC

c0mmand3rOpSec/CVE-2017-10271

Type: github • Created: 2017-12-28 01:30:50 UTC • Stars: 142

WebLogic Exploit

s3xy/CVE-2017-10271

Type: github • Created: 2017-12-25 06:11:54 UTC • Stars: 22

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

1337g/CVE-2017-10271

Type: github • Created: 2017-12-23 13:04:23 UTC • Stars: 38

CVE-2017-10271 WEBLOGIC RCE (TESTED)