CVSS: 7.5EPSS: 13%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
18 Oct 2018 — Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This ... • http://www.securityfocus.com/bid/105703 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 91%CPEs: 3EXPL: 5CVE-2018-3191
https://notcve.org/view.php?id=CVE-2018-3191
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://github.com/Libraggbond/CVE-2018-3191 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2902
https://notcve.org/view.php?id=CVE-2018-2902
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2018-3213
https://notcve.org/view.php?id=CVE-2018-3213
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confident... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html •
CVSS: 9.8EPSS: 91%CPEs: 3EXPL: 5CVE-2018-3245 – Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
https://notcve.org/view.php?id=CVE-2018-3245
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://packetstorm.news/files/id/152014 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 0CVE-2018-3248
https://notcve.org/view.php?id=CVE-2018-3248
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle W... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-3249
https://notcve.org/view.php?id=CVE-2018-3249
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3250
https://notcve.org/view.php?id=CVE-2018-3250
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful atta... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html •
CVSS: 9.8EPSS: 84%CPEs: 3EXPL: 3CVE-2018-3252 – Gentoo Linux Security Advisory 201908-24
https://notcve.org/view.php?id=CVE-2018-3252
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • https://github.com/pyn3rd/CVE-2018-3252 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1CVE-2018-2933 – Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues
https://notcve.org/view.php?id=CVE-2018-2933
20 Jul 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ... • https://packetstorm.news/files/id/148623 •