Vulnerability identifier: #VU9815

Vulnerability risk: Low

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-10271

CWE-ID: CWE-284

Exploitation vector: Network

Exploits in database: 16

• June 17, 2021
  • Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit) [Exploit-DB]
  • Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution [Exploit-DB]
  • Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution [Exploit-DB]
• April 12, 2021
  • cve-exploits () [Github]
• April 7, 2020
  • exphub (Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340) [Github]
  • Exploits (Containing Self Made Perl Reproducers / PoC Codes) [Github]
• March 18, 2020
  • CVE-2017-10271 (WebLogic Exploit) [Github]
  • Alien-Framework (Alien-Framework, it is a framework with many CVE exploits and tools to use in pen-testing.) [Github]
  • CVE-2017-10271 (Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271)) [Github]
  • weblogic_wls_wsat_rce (forked from https://github.com/s3xy/CVE-2017-10271. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12. [Github]
  • CVE-2019-2725 (WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit ) [Github]
  • Oracle-WebLogic-WLS-WSAT (Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271)) [Github]
  • CVE-2017-10271 (Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271)) [Github]
  • CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability al [Github]
  • Oracle Weblogic Server Deserialization RCE - AsyncResponseService [Metasploit]
  • Oracle WebLogic wls-wsat Component Deserialization RCE [Metasploit]

Impact: Denial of service

Vulnerable software:
Oracle WebLogic Server
Server applications / Application servers

Vendor: Oracle