### [CVE-2017-10271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10271)
![](https://img.shields.io/static/v1?label=Product&message=WebLogic%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.3.6.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20WebLogic%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20takeover%20of%20Oracle%20WebLogic%20Server.&color=brighgreen)

### Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.exploit-db.com/exploits/43458/
- https://www.exploit-db.com/exploits/43924/

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0day666/Vulnerability-verification
- https://github.com/0x0d3ad/Kn0ck
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xh4di/PayloadsAllTheThings
- https://github.com/0xn0ne/weblogicScanner
- https://github.com/1120362990/vulnerability-list
- https://github.com/1337g/CVE-2017-10271
- https://github.com/189569400/Meppo
- https://github.com/1f3lse/taiE
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/3vikram/Application-Vulnerabilities-Payloads
- https://github.com/5l1v3r1/CVE-2017-10274
- https://github.com/7kbstorm/WebLogic_CNVD_C2019_48814
- https://github.com/84KaliPleXon3/Payloads_All_The_Things
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/AidoWedo/Awesome-Honeypots
- https://github.com/Al1ex/CVE-2017-10271
- https://github.com/Amar224/Pentest-Tools
- https://github.com/AnonVulc/Pentest-Tools
- https://github.com/ArrestX/--POC
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/Bywalks/WeblogicScan
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Correia-jpv/fucking-awesome-honeypots
- https://github.com/CrackerCat/myhktools
- https://github.com/Cymmetria/weblogic_honeypot
- https://github.com/Delishsploits/PayloadsAndMethodology
- https://github.com/Drun1baby/JavaSecurityLearning
- https://github.com/DynamicDesignz/Alien-Framework
- https://github.com/ETOCheney/JavaDeserialization
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/ExpLangcn/HVVExploitApply_POC
- https://github.com/Flerov/WindowsExploitDev
- https://github.com/FoolMitAh/WeblogicScan
- https://github.com/GhostTroops/TOP
- https://github.com/GhostTroops/myhktools
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/GuynnR/Payloads
- https://github.com/H1CH444MREB0RN/PenTest-free-tools
- https://github.com/Hackinfinity/Honey-Pots-
- https://github.com/Hatcat123/my_stars
- https://github.com/HimmelAward/Goby_POC
- https://github.com/ImranTheThirdEye/AD-Pentesting-Tools
- https://github.com/JERRY123S/all-poc
- https://github.com/JackyTsuuuy/weblogic_wls_rce_poc-exp
- https://github.com/Jean-Francois-C/Windows-Penetration-Testing
- https://github.com/Kamiya767/CVE-2019-2725
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/KimJun1010/WeblogicTool
- https://github.com/Luffin/CVE-2017-10271
- https://github.com/Maarckz/PayloadParaTudo
- https://github.com/MacAsure/WL_Scan_GO
- https://github.com/Mehedi-Babu/honeypots_cyber
- https://github.com/Mehedi-Babu/pentest_tools_repo
- https://github.com/Micr067/CMS-Hunter
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Muhammd/Awesome-Payloads
- https://github.com/Nieuport/-awesome-honeypots-
- https://github.com/Nieuport/PayloadsAllTheThings
- https://github.com/Ondrik8/-Security
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/ParrotSec-CN/ParrotSecCN_Community_QQbot
- https://github.com/Pasyware/Honeypot_Projects
- https://github.com/Pav-ksd-pl/PayloadsAllTheThings
- https://github.com/Prodject/Kn0ck
- https://github.com/R0B1NL1N/Oracle-WebLogic-WLS-WSAT
- https://github.com/Ra7mo0on/PayloadsAllTheThings
- https://github.com/S3cur3Th1sSh1t/Pentest-Tools
- https://github.com/SecWiki/CMS-Hunter
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SkyBlueEternal/CNVD-C-2019-48814-CNNVD-201904-961
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Waseem27-art/ART-TOOLKIT
- https://github.com/Weik1/Artillery
- https://github.com/WingsSec/Meppo
- https://github.com/XHSecurity/Oracle-WebLogic-CVE-2017-10271
- https://github.com/XPR1M3/Payloads_All_The_Things
- https://github.com/YellowVeN0m/Pentesters-toolbox
- https://github.com/Yuusuke4/WebLogic_CNVD_C_2019_48814
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZH3FENG/PoCs-Weblogic_2017_10271
- https://github.com/ZTK-009/RedTeamer
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/aiici/weblogicAllinone
- https://github.com/amcai/myscan
- https://github.com/andrysec/PayloadsAllVulnerability
- https://github.com/anhtu97/PayloadAllEverything
- https://github.com/anquanscan/sec-tools
- https://github.com/apkadmin/PayLoadsAll
- https://github.com/awake1t/Awesome-hacking-tools
- https://github.com/awsassets/weblogic_exploit
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bigblackhat/oFx
- https://github.com/bigsizeme/weblogic-XMLDecoder
- https://github.com/birdhan/SecurityProduct
- https://github.com/birdhan/Security_Product
- https://github.com/bmcculley/CVE-2017-10271
- https://github.com/c0mmand3rOpSec/CVE-2017-10271
- https://github.com/chanchalpatra/payload
- https://github.com/cjjduck/weblogic_wls_wsat_rce
- https://github.com/cqkenuo/Weblogic-scan
- https://github.com/cranelab/exploit-development
- https://github.com/cross2to/betaseclab_tools
- https://github.com/cved-sources/cve-2017-10271
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/diggid4ever/Weblogic-XMLDecoder-POC
- https://github.com/djytmdj/Tool_Summary
- https://github.com/do0dl3/myhktools
- https://github.com/dr0op/WeblogicScan
- https://github.com/elinakrmova/RedTeam-Tools
- https://github.com/emtee40/win-pentest-tools
- https://github.com/enomothem/PenTestNote
- https://github.com/eric-erki/awesome-honeypots
- https://github.com/falocab/PayloadsAllTheThings
- https://github.com/feiweiliang/XMLDecoder_unser
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/forhub2021/weblogicScanner
- https://github.com/hack-parthsharma/Pentest-Tools
- https://github.com/hanc00l/some_pocsuite
- https://github.com/heane404/CVE_scan
- https://github.com/hellochunqiu/PayloadsAllTheThings
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/hktalent/myhktools
- https://github.com/hmoytx/weblogicscan
- https://github.com/huan-cdm/secure_tools_link
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/ianxtianxt/-CVE-2017-10271-
- https://github.com/iceberg-N/WL_Scan_GO
- https://github.com/investlab/Awesome-honeypots
- https://github.com/iqrok/myhktools
- https://github.com/jared1981/More-Pentest-Tools
- https://github.com/jas502n/CNVD-C-2019-48814
- https://github.com/jas502n/cve-2019-2618
- https://github.com/jbmihoub/all-poc
- https://github.com/jiangsir404/POC-S
- https://github.com/jinhaozcp/weblogic
- https://github.com/jstang9527/gofor
- https://github.com/just0rg/Security-Interview
- https://github.com/kbsec/Weblogic_Wsat_RCE
- https://github.com/kdandy/pentest_tools
- https://github.com/kenuoseclab/Weblogic-scan
- https://github.com/kingkaki/weblogic-scan
- https://github.com/kkirsche/CVE-2017-10271
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/koutto/jok3r-pocs
- https://github.com/ksw9722/PayloadsAllTheThings
- https://github.com/langu-xyz/JavaVulnMap
- https://github.com/lnick2023/nicenice
- https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master
- https://github.com/lp008/Hack-readme
- https://github.com/m1dsummer/AD-2021
- https://github.com/maya6/-scan-
- https://github.com/merlinepedra/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools-1
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/mrhacker51/ReverseShellCommands
- https://github.com/nevidimk0/PayloadsAllTheThings
- https://github.com/nihaohello/N-MiddlewareScan
- https://github.com/nitishbadole/Pentest_Tools
- https://github.com/oneplus-x/Sn1per
- https://github.com/oneplus-x/jok3r
- https://github.com/onewinner/VulToolsKit
- https://github.com/openx-org/BLEN
- https://github.com/papa-anniekey/CustomSignatures
- https://github.com/paralax/awesome-honeypots
- https://github.com/password520/RedTeamer
- https://github.com/pathakabhi24/Pentest-Tools
- https://github.com/paulveillard/cybersecurity-exploit-development
- https://github.com/paulveillard/cybersecurity-honeypots
- https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271
- https://github.com/pimps/CVE-2019-2725
- https://github.com/pizza-power/weblogic-CVE-2019-2729-POC
- https://github.com/pjgmonteiro/Pentest-tools
- https://github.com/pssss/CVE-2017-10271
- https://github.com/pwnagelabs/VEF
- https://github.com/q99266/saury-vulnhub
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/qi4L/WeblogicScan.go
- https://github.com/qince1455373819/awesome-honeypots
- https://github.com/r0eXpeR/redteam_vul
- https://github.com/r4b3rt/CVE-2017-10271
- https://github.com/rabbitmask/WeblogicScan
- https://github.com/rabbitmask/WeblogicScanLot
- https://github.com/rabbitmask/WeblogicScanServer
- https://github.com/rambleZzz/weblogic_CVE_2017_10271
- https://github.com/ranjan-prp/PayloadsAllTheThings
- https://github.com/ravijainpro/payloads_xss
- https://github.com/retr0-13/Pentest-Tools
- https://github.com/rockmelodies/rocComExpRce
- https://github.com/s3xy/CVE-2017-10271
- https://github.com/safe6Sec/WeblogicVuln
- https://github.com/safe6Sec/wlsEnv
- https://github.com/sankitanitdgp/san_honeypot_resources
- https://github.com/seruling/weblogic-wsat-scan
- https://github.com/severnake/Pentest-Tools
- https://github.com/shack2/javaserializetools
- https://github.com/skytina/CNVD-C-2019-48814-COMMON
- https://github.com/sobinge/--1
- https://github.com/sobinge/PayloadsAllTheThings
- https://github.com/sobinge/PayloadsAllThesobinge
- https://github.com/sobinge/nuclei-templates
- https://github.com/soosmile/cms-V
- https://github.com/sp4zcmd/WeblogicExploit-GUI
- https://github.com/superfish9/pt
- https://github.com/svbjdbk123/-
- https://github.com/syedhafiz1234/honeypot-list
- https://github.com/t666/Honeypot
- https://github.com/tdcoming/Vulnerability-engine
- https://github.com/testwc/CVE-2017-10271
- https://github.com/theyoge/AD-Pentesting-Tools
- https://github.com/tomoyamachi/gocarts
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trganda/starrlist
- https://github.com/trhacknon/myhktools
- https://github.com/unusualwork/Sn1per
- https://github.com/veo/vscan
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/PayloadsAllTheThings
- https://github.com/wisoez/Awesome-honeypots
- https://github.com/wr0x00/Lizard
- https://github.com/wr0x00/Lsploit
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/yaklang/vulinone
- https://github.com/yige666/CMS-Hunter
- https://github.com/zema1/oracle-vuln-crawler
- https://github.com/zyylhn/zscan-poc-check
- https://github.com/zzwlpx/weblogic