Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2017-10271

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

POC

Reference

- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

- https://www.exploit-db.com/exploits/43458/

- https://www.exploit-db.com/exploits/43924/

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0day666/Vulnerability-verification

- https://github.com/0x0d3ad/Kn0ck

- https://github.com/0xMrNiko/Awesome-Red-Teaming

- https://github.com/0xh4di/PayloadsAllTheThings

- https://github.com/0xn0ne/weblogicScanner

- https://github.com/1120362990/vulnerability-list

- https://github.com/1337g/CVE-2017-10271

- https://github.com/189569400/Meppo

- https://github.com/189569400/SecurityProduct

- https://github.com/1f3lse/taiE

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/20142995/sectool

- https://github.com/20MH1A04H9/Cyber-Security-Projects

- https://github.com/3vikram/Application-Vulnerabilities-Payloads

- https://github.com/4ra1n/poc-runner

- https://github.com/5l1v3r1/CVE-2017-10274

- https://github.com/7kbstorm/WebLogic_CNVD_C2019_48814

- https://github.com/84KaliPleXon3/Payloads_All_The_Things

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet

- https://github.com/AidoWedo/Awesome-Honeypots

- https://github.com/Al1ex/CVE-2017-10271

- https://github.com/Amar224/Pentest-Tools

- https://github.com/AnonVulc/Pentest-Tools

- https://github.com/ArrestX/--POC

- https://github.com/BrittanyKuhn/javascript-tutorial

- https://github.com/Bywalks/WeblogicScan

- https://github.com/CLincat/vulcat

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Correia-jpv/fucking-awesome-honeypots

- https://github.com/CrackerCat/myhktools

- https://github.com/CybVulnHunter/nmap-guidelines

- https://github.com/Cymmetria/weblogic_honeypot

- https://github.com/Delishsploits/PayloadsAndMethodology

- https://github.com/Drun1baby/JavaSecurityLearning

- https://github.com/DynamicDesignz/Alien-Framework

- https://github.com/ETOCheney/JavaDeserialization

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/ExpLangcn/HVVExploitApply_POC

- https://github.com/Flerov/WindowsExploitDev

- https://github.com/FoolMitAh/WeblogicScan

- https://github.com/GhostTroops/TOP

- https://github.com/GhostTroops/myhktools

- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

- https://github.com/GuynnR/Payloads

- https://github.com/H1CH444MREB0RN/PenTest-free-tools

- https://github.com/Hackinfinity/Honey-Pots-

- https://github.com/Hatcat123/my_stars

- https://github.com/HimmelAward/Goby_POC

- https://github.com/ImranTheThirdEye/AD-Pentesting-Tools

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/JERRY123S/all-poc

- https://github.com/JackyTsuuuy/weblogic_wls_rce_poc-exp

- https://github.com/JasonLOU/WeblogicScan-master

- https://github.com/Jean-Francois-C/Windows-Penetration-Testing

- https://github.com/Jelbk/honeypot

- https://github.com/Kamiya767/CVE-2019-2725

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/KimJun1010/WeblogicTool

- https://github.com/Luffin/CVE-2017-10271

- https://github.com/Maarckz/PayloadParaTudo

- https://github.com/MacAsure/WL_Scan_GO

- https://github.com/Mehedi-Babu/honeypots_cyber

- https://github.com/Mehedi-Babu/pentest_tools_repo

- https://github.com/Micr067/CMS-Hunter

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/MrPWH/Pentest-Tools

- https://github.com/Muhammd/Awesome-Payloads

- https://github.com/NAYLINNU/PayloadAllTheThings

- https://github.com/Nieuport/-awesome-honeypots-

- https://github.com/Nieuport/PayloadsAllTheThings

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ondrik8/-Security

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PalindromeLabs/Java-Deserialization-CVEs

- https://github.com/ParrotSec-CN/ParrotSecCN_Community_QQbot

- https://github.com/Pasyware/Honeypot_Projects

- https://github.com/Pav-ksd-pl/PayloadsAllTheThings

- https://github.com/Prodject/Kn0ck

- https://github.com/QChiLan/weblogic

- https://github.com/QChiLan/weblogicscanner

- https://github.com/R0B1NL1N/Oracle-WebLogic-WLS-WSAT

- https://github.com/Ra7mo0on/PayloadsAllTheThings

- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories

- https://github.com/S3cur3Th1sSh1t/Pentest-Tools

- https://github.com/SecWiki/CMS-Hunter

- https://github.com/SexyBeast233/SecBooks

- https://github.com/ShyTangerine/WL_Scan_GO

- https://github.com/SkyBlueEternal/CNVD-C-2019-48814-CNNVD-201904-961

- https://github.com/SuperHacker-liuan/cve-2017-10271-poc

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/Waseem27-art/ART-TOOLKIT

- https://github.com/Weik1/Artillery

- https://github.com/WingsSec/Meppo

- https://github.com/XHSecurity/Oracle-WebLogic-CVE-2017-10271

- https://github.com/XPR1M3/Payloads_All_The_Things

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/YellowVeN0m/Pentesters-toolbox

- https://github.com/Yuusuke4/WebLogic_CNVD_C_2019_48814

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ZH3FENG/PoCs-Weblogic_2017_10271

- https://github.com/ZTK-009/RedTeamer

- https://github.com/Zero094/Vulnerability-verification

- https://github.com/aiici/weblogicAllinone

- https://github.com/amcai/myscan

- https://github.com/andrysec/PayloadsAllVulnerability

- https://github.com/anhtu97/PayloadAllEverything

- https://github.com/anquanscan/sec-tools

- https://github.com/apkadmin/PayLoadsAll

- https://github.com/arunima-rastogi-1/honeypots

- https://github.com/awake1t/Awesome-hacking-tools

- https://github.com/awsassets/weblogic_exploit

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/bigblackhat/oFx

- https://github.com/bigsizeme/weblogic-XMLDecoder

- https://github.com/birdhan/SecurityProduct

- https://github.com/birdhan/Security_Product

- https://github.com/bmcculley/CVE-2017-10271

- https://github.com/bright-angel/sec-repos

- https://github.com/c0mmand3rOpSec/CVE-2017-10271

- https://github.com/chanchalpatra/payload

- https://github.com/cjjduck/weblogic_wls_wsat_rce

- https://github.com/cqkenuo/Weblogic-scan

- https://github.com/cranelab/exploit-development

- https://github.com/cross2to/betaseclab_tools

- https://github.com/cved-sources/cve-2017-10271

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/diggid4ever/Weblogic-XMLDecoder-POC

- https://github.com/djytmdj/Tool_Summary

- https://github.com/do0dl3/myhktools

- https://github.com/dr0op/WeblogicScan

- https://github.com/elinakrmova/RedTeam-Tools

- https://github.com/emtee40/win-pentest-tools

- https://github.com/enomothem/PenTestNote

- https://github.com/eric-erki/awesome-honeypots

- https://github.com/falocab/PayloadsAllTheThings

- https://github.com/feiweiliang/XMLDecoder_unser

- https://github.com/fengjixuchui/RedTeamer

- https://github.com/forhub2021/weblogicScanner

- https://github.com/gauss77/honeypot

- https://github.com/hack-parthsharma/Pentest-Tools

- https://github.com/hanc00l/some_pocsuite

- https://github.com/heane404/CVE_scan

- https://github.com/hellochunqiu/PayloadsAllTheThings

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/hktalent/myhktools

- https://github.com/hmoytx/weblogicscan

- https://github.com/huan-cdm/secure_tools_link

- https://github.com/hxysaury/saury-vulnhub

- https://github.com/ianxtianxt/-CVE-2017-10271-

- https://github.com/iceberg-N/WL_Scan_GO

- https://github.com/investlab/Awesome-honeypots

- https://github.com/iqrok/myhktools

- https://github.com/jared1981/More-Pentest-Tools

- https://github.com/jas502n/CNVD-C-2019-48814

- https://github.com/jas502n/cve-2019-2618

- https://github.com/jbmihoub/all-poc

- https://github.com/jiangsir404/POC-S

- https://github.com/jinhaozcp/weblogic

- https://github.com/jstang9527/gofor

- https://github.com/just0rg/Security-Interview

- https://github.com/kang9693/PoC_cve_list

- https://github.com/kbsec/Weblogic_Wsat_RCE

- https://github.com/kdandy/pentest_tools

- https://github.com/kenuoseclab/Weblogic-scan

- https://github.com/kingkaki/weblogic-scan

- https://github.com/kkirsche/CVE-2017-10271

- https://github.com/klausware/Java-Deserialization-Cheat-Sheet

- https://github.com/koutto/jok3r-pocs

- https://github.com/ksw9722/PayloadsAllTheThings

- https://github.com/langu-xyz/JavaVulnMap

- https://github.com/lanmaovp-dev/shexiangshi-cm-YVJsF2HuAHndPiLB

- https://github.com/lnick2023/nicenice

- https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master

- https://github.com/lp008/Hack-readme

- https://github.com/m1dsummer/AD-2021

- https://github.com/m5anksc0des/san_honeypot_resources

- https://github.com/maya6/-scan-

- https://github.com/merlinepedra/Pentest-Tools

- https://github.com/merlinepedra25/Pentest-Tools

- https://github.com/merlinepedra25/Pentest-Tools-1

- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet

- https://github.com/mrhacker51/ReverseShellCommands

- https://github.com/nevidimk0/PayloadsAllTheThings

- https://github.com/nihaohello/N-MiddlewareScan

- https://github.com/nitishbadole/Pentest_Tools

- https://github.com/oneplus-x/Sn1per

- https://github.com/oneplus-x/jok3r

- https://github.com/onewinner/VulToolsKit

- https://github.com/openx-org/BLEN

- https://github.com/papa-anniekey/CustomSignatures

- https://github.com/paralax/awesome-honeypots

- https://github.com/password520/RedTeamer

- https://github.com/pathakabhi24/Pentest-Tools

- https://github.com/paulveillard/cybersecurity-exploit-development

- https://github.com/paulveillard/cybersecurity-honeypots

- https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271

- https://github.com/pimps/CVE-2019-2725

- https://github.com/pizza-power/weblogic-CVE-2019-2729-POC

- https://github.com/pjgmonteiro/Pentest-tools

- https://github.com/pssss/CVE-2017-10271

- https://github.com/pwnagelabs/VEF

- https://github.com/q99266/saury-vulnhub

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/qi4L/WeblogicScan-go

- https://github.com/qi4L/WeblogicScan.go

- https://github.com/qince1455373819/awesome-honeypots

- https://github.com/r0eXpeR/redteam_vul

- https://github.com/r4b3rt/CVE-2017-10271

- https://github.com/rabbitmask/WeblogicScan

- https://github.com/rabbitmask/WeblogicScanLot

- https://github.com/rabbitmask/WeblogicScanServer

- https://github.com/rambleZzz/weblogic_CVE_2017_10271

- https://github.com/ranjan-prp/PayloadsAllTheThings

- https://github.com/ravijainpro/payloads_xss

- https://github.com/retr0-13/Pentest-Tools

- https://github.com/rockmelodies/rocComExpRce

- https://github.com/rupton/xmldecoder-demo

- https://github.com/s3xy/CVE-2017-10271

- https://github.com/safe6Sec/WeblogicVuln

- https://github.com/safe6Sec/wlsEnv

- https://github.com/sankitanitdgp/san_honeypot_resources

- https://github.com/seruling/weblogic-wsat-scan

- https://github.com/severnake/Pentest-Tools

- https://github.com/shack2/javaserializetools

- https://github.com/shanjijian/RIST

- https://github.com/sharifbinmostafa/honeypots

- https://github.com/shhimnothere/payloadsallthethings

- https://github.com/skytina/CNVD-C-2019-48814-COMMON

- https://github.com/sobinge/--1

- https://github.com/sobinge/PayloadsAllTheThings

- https://github.com/sobinge/PayloadsAllThesobinge

- https://github.com/sobinge/nuclei-templates

- https://github.com/soosmile/cms-V

- https://github.com/sp4zcmd/WeblogicExploit-GUI

- https://github.com/superfish9/pt

- https://github.com/svbjdbk123/-

- https://github.com/syadg123/WeblogicScan

- https://github.com/syedhafiz1234/honeypot-list

- https://github.com/t666/Honeypot

- https://github.com/tdcoming/Vulnerability-engine

- https://github.com/testwc/CVE-2017-10271

- https://github.com/theguly/stars

- https://github.com/theyoge/AD-Pentesting-Tools

- https://github.com/tomoyamachi/gocarts

- https://github.com/touchmycrazyredhat/myhktools

- https://github.com/trganda/starrlist

- https://github.com/trhacknon/myhktools

- https://github.com/unusualwork/Sn1per

- https://github.com/veo/vscan

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/winterwolf32/PayloadsAllTheThings

- https://github.com/wisoez/Awesome-honeypots

- https://github.com/wr0x00/Lizard

- https://github.com/wr0x00/Lsploit

- https://github.com/wukong-bin/weblogiscan

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/yaklang/vulinone

- https://github.com/yige666/CMS-Hunter

- https://github.com/zema1/oracle-vuln-crawler

- https://github.com/zyylhn/zscan-poc-check

- https://github.com/zzwlpx/weblogic