Oracle
CVE-2017-10271
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
6DescriptionCVE.org
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
AnalysisAI
Oracle WebLogic Server allows unauthenticated remote code execution through the WLS Security component's T3 protocol, massively exploited for cryptocurrency mining and botnet recruitment from 2017 onward.
Technical ContextAI
The CWE-306 missing authentication vulnerability in WebLogic's T3 protocol handler allows unauthenticated attackers to send crafted XML payloads containing XMLDecoder deserialization gadgets. The server processes the untrusted XML, leading to arbitrary command execution as the WebLogic service account.
RemediationAI
Apply Oracle Critical Patch Update. Restrict T3 protocol access via network filtering. Deploy WebLogic's T3 connection filter to limit access to trusted hosts only. Disable XMLDecoder-based deserialization.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today