18 matches found
CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining
Introduction: FireEye researchers recently observed threat actors abusing CVE-2017-10271 to deliver various cryptocurrency miners. CVE-2017-10271 is a known input validation vulnerability that exists in the WebLogic Server Security Service (WLS Security) in Oracle WebLogic Server versions 12.2.1.2.0...
Oracle WebLogic Server WLS Security Component Deserialization Vulnerability
Added: 01/09/2018. BID: 101304. Background: Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem: Oracle WebLogic Server has a vulnerability in the WLS Security wls-wsat component that could allow an unauthenticated remote attacker who has HTTP access to the...
Oracle WebLogic Server WLS Security Component Deserialization Vulnerability
Added: 01/09/2018. BID: 101304. Background: Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem: Oracle WebLogic Server has a vulnerability in the WLS Security wls-wsat component that could allow an unauthenticated remote attacker who has HTTP access to the...
CVE-2017-10271
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Security. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to...
CVE-2017-10271
CVE-2017-10271 is an input validation/deserialization flaw in Oracle WebLogic Server (WLS Security) that enables unauthenticated remote code execution. Affected products/versions per entries include Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, and 12.2.1.2.0. Public writeups and adv...
CVE-2017-10271 - Oracle WebLogic Server AsyncResponseService Deserialization Vulnerability
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Security. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to...
Unspecified Vulnerability in Oracle WebLogic Server (CNVD-2017-31499)
Oracle Fusion Middleware: Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collections, etc. Oracle WebLogic Server is one of the application server components for cloud and traditional...
Oracle WebLogic Server Java Object Deserialization RCE (October 2016 CPU)
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons File Upload library. An unauthenticated, remote attacker can exploit this, via a crafted a...
Code injection
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...
CVE-2015-4852
CVE-2015-4852 describes a remote code execution in Oracle WebLogic Server via deserialization of untrusted data in the WLS Security component. A crafted serialized Java object (via Apache Commons Collections) in T3 protocol traffic to TCP port 7001 can execute arbitrary commands. Affected version...
CVE-2014-4255
CVE-2014-4255 affects Oracle WebLogic Server (Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0). The vulnerability is described as unspecified and related to WLS - Security and Policy, with partial impacts to confidentiality, integrity, and availability. Connected IBM advisory notes an IBM O...
CVE-2014-4255
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Security and Policy...
CVE-2014-2470
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security...
CVE-2014-2470
CVE-2014-2470 is described in the IBM OpenPages with Application Server security bulletin as an unspecified vulnerability in Oracle WebLogic Server related to the WLS Security component, affecting IBM OpenPages with Application Server 6.0–7.0. The IBM advisory associates the vulnerability with CVE-20...
CVE-2011-2318
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security...
Design/Logic Flaw
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security...
CVE-2011-2318
CVE-2011-2318 refers to an unspecified vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware versions 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 that allows local users to affect confidentiality (related to WLS Security). The description does not provide detai...
CVE-2011-2318
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security...