CVEブラウザに戻る

CVE-2017-10271

Known Exploited (CISA KEV)HIGH

7.5

CVSS Severity Score

EPSS Score94.3030%

EPSS Percentile91.87th

Published2017年10月19日

Last Modified2026年4月21日

Vulnerability Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Affected Platforms (CPE)

📦

Oracle

Weblogic Server

= 10.3.6.0.0

📦

Oracle

Weblogic Server

= 12.1.3.0.0

📦

Oracle

Weblogic Server

= 12.2.1.1.0

📦

Oracle

Weblogic Server

= 12.2.1.2.0

References & Advisories

🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

🔗 http://www.securityfocus.com/bid/101304

🔗 http://www.securitytracker.com/id/1039608

🔗 https://github.com/c0mmand3rOpSec/CVE-2017-10271

🔗 https://www.exploit-db.com/exploits/43458/

🔗 https://www.exploit-db.com/exploits/43924/

🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

🔗 http://www.securityfocus.com/bid/101304

関連する脆弱性情報

CVE-2001-009810.0

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi...

CVE-2003-064010.0

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite use...

CVE-2000-068110.0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J...

CVE-2007-041710.0

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm...