Oracle Weblogic Server Deserialization RCE - RMI UnicastRef

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object sun.rmi.server.UnicastRef to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...

Oracle WebLogic 12.1.2.0 RMI Registry UnicastRef Object Java Deserialization Remote Code Execution

Exploit for multiple platform in category web applications !/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = ''' --------------------------------------------------------------------------------------...

Oracle WebLogic 12.1.2.0 Remote Code Execution

!/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = ''' -------------------------------------------------------------------------------------- Developped by bobsecq: [email protected]...

Exploit for CVE-2017-3248

exploits/weblogic/exploit-CVE-2017-3248-bobsecq.py The script...

Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution

Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution !/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = '''...

Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution

!/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = ''' -------------------------------------------------------------------------------------- Developped by bobsecq: [email protected]...

CVE-2017-3248

creationtimestamp| type| source ---|---|--- 2018-01-05 01:08:44+00:00| seen| MISP/5a4ecbf4-1b24-4a5f-9f4d-4b7c98036464 2018-09-19 17:28:51+00:00| seen| MISP/5ba281fe-cc88-4bf3-a9ef-3c290a021402 2019-04-01 23:24:03+00:00| seen|...

Oracle WebLogic Server UnicastRef Insecure Deserialization (CVE-2017-3248)

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the UnicastRef class in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted...

CVE-2017-3248

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Core Components. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to...

CVE-2017-3248

CVE-2017-3248 affects Oracle WebLogic Server (Core Components) with affected versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1. It is a Java deserialization RCE in the WebLogic RMI Registry (UnicastRef) that can be exploited remotely for code execution and server takeover via unauthenticated networ...