CyberSec.Space Logo
Back to CVE Browser

CVE-2017-10137

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile35.23th
PublishedAug 8, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Affected Platforms (CPE)

πŸ“¦
Oracle

Weblogic Server

= 10.3.6.0.0
πŸ“¦
Oracle

Weblogic Server

= 12.1.3.0.0

References & Advisories

πŸ”— http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
πŸ”— http://www.securityfocus.com/bid/99634
πŸ”— http://www.securitytracker.com/id/1038939
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
πŸ”— http://www.securityfocus.com/bid/99634
πŸ”— http://www.securitytracker.com/id/1038939

Related Vulnerabilities

CVE-2003-064010.0

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite use...

CVE-2001-009810.0

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi...

CVE-2000-068110.0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J...

CVE-2007-041710.0

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm...