CVE-2017-3248
Oracle WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data Remote Code Execution Vulnerability
Severity Score: CVSS v3.0 Base Score 9.8
Exploit Likelihood: -
Affected Versions: 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1
Public Exploits: 3
Exploited in Wild: -
Decision: Attend
Descriptions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the insufficient blacklisting of certain Java classes: user-supplied data is not properly validated before being deserialized, which results in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (sun.rmi.server.UnicastRef) to the interface to execute code on vulnerable hosts.
CVSS Scores
- CVSS v3.0 Base Score: 9.8 (Confidentiality, Integrity and Availability impacts)
SSVC
- Decision: Attend
Timeline
- 2016-12-06 CVE Reserved
- 2017-01-24 CVE Published
- 2019-11-05 First Exploit
- 2024-10-09 CVE Updated
- 2024-10-17 EPSS Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
References (9)
URL | Tag |
---|---|
http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html | X_refsource_misc |
http://www.securityfocus.com/bid/95465 | Third Party Advisory |
http://www.securitytracker.com/id/1037632 | Vdb Entry |
https://www.tenable.com/security/research/tra-2017-07 | X_refsource_misc |
Public exploits:
URL | Date |
---|---|
https://www.exploit-db.com/exploits/44998 | 2024-10-09 |
https://github.com/ianxtianxt/CVE-2017-3248 | 2019-11-05 |
https://github.com/BabyTeam1024/CVE-2017-3248 | 2021-09-03 |
Vendor advisory:
URL | Date |
---|---|
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | 2019-04-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Oracle | Weblogic Server | 10.3.6.0.0 | - | Affected |
Oracle | Weblogic Server | 12.1.3.0.0 | - | Affected |
Oracle | Weblogic Server | 12.2.1.0.0 | - | Affected |
Oracle | Weblogic Server | 12.2.1.1.0 | - | Affected |