CVSS: 9.8EPSS: 8%CPEs: 4EXPL: 0CVE-2016-5535 – Oracle WebLogic Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5535
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0 y 12.2.1.1 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the use of Apache Commons DiskFileItem. It is possible to execute arbitrary commands upon deserialization of untrusted data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93692 http://www.securitytracker.com/id/1037052 https://www.tenable.com/security/research/tra-2016-33 •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3505
https://notcve.org/view.php?id=CVE-2016-3505
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.3.0 y 12.2.1.0 permite a usuarios remotos autenticados afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con JavaServer Faces. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93708 http://www.securitytracker.com/id/1037052 •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2016-5531
https://notcve.org/view.php?id=CVE-2016-5531
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.3.0 y 12.2.1.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con WLS-WebServices. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93730 http://www.securitytracker.com/id/1037052 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3445
https://notcve.org/view.php?id=CVE-2016-3445
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0 y 12.1.3.0 permite a atacantes remotos afectar la disponibilidad a través de vectores relacionados con Web Container, una vulnerabilidad diferente a CVE-2016-5488. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036373 •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 1CVE-2016-3510 – Oracle WebLogic JBoss Interceptors Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3510
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.3.0 y 12.2.1.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con WLS Core Components, una vulnerabilidad diferente a CVE-2016-3586. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists in the use of JBoss Interceptors library. By sending a specially crafted request, the application can be made to deserialize untrusted data during the handling of the request. • https://github.com/BabyTeam1024/CVE-2016-3510 http://packetstormsecurity.com/files/152324/Oracle-Weblogic-Server-Deserialization-MarshalledObject-Remote-Code-Execution.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036373 https://www.tenable.com/security/research/tra-2016-21 - •