Oracle Weblogic Server Deserialization RCE - MarshalledObject

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object weblogic.corba.utils.MarshalledObject to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...

CVE-2016-3510

creationtimestamp| type| source ---|---|--- 2018-01-05 01:08:45+00:00| seen| MISP/5a4ecbf4-1b24-4a5f-9f4d-4b7c98036464 2019-04-01 19:20:28+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/weblogicdeserializemarshalledobject.rb 2023-11-10...

CVE-2016-3586

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3510...

CVE-2016-3510

CVE-2016-3510 is a remote-code-execution vulnerability in Oracle WebLogic Server (Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0) via deserialization in the WLS Core Components. An unauthenticated attacker can exploit a crafted serialized object (MarshalledObject) sent to the WebLogic T3 i...