CVE-2017-3248

CVE Database · CVE-2017-3248

CVE-2017-3248

· N/AModified

CVSS v3.1

N/A

EPSS

97.25%

Published

Jan 27, 2017

Modified

May 12, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBOracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).

Affected Products (4)

oracle · weblogic_servervulnerable

References (14)

http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

PatchVendor Advisory

http://www.securityfocus.com/bid/95465

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037632

https://www.exploit-db.com/exploits/44998/

https://www.tenable.com/security/research/tra-2017-07

http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

KEV Catalog EPSS Scores Vendors All CVEs