### [CVE-2021-2109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2109)
![](https://img.shields.io/static/v1?label=Product&message=WebLogic%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.3.6.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20WebLogic%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20takeover%20of%20Oracle%20WebLogic%20Server.&color=brighgreen)

### Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

### POC

#### Reference
- http://packetstormsecurity.com/files/161053/Oracle-WebLogic-Server-14.1.1.0-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpujan2021.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0x783kb/Security-operation-book
- https://github.com/189569400/Meppo
- https://github.com/1n7erface/PocList
- https://github.com/20142995/Goby
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/Al1ex/CVE-2021-2109
- https://github.com/AnonymouID/POC
- https://github.com/ArrestX/--POC
- https://github.com/Astrogeorgeonethree/Starred
- https://github.com/Astrogeorgeonethree/Starred2
- https://github.com/Atem1988/Starred
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/Drun1baby/JavaSecurityLearning
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/Groot-Space/log4j-explain
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/H4ckTh3W0r1d/Goby_POC
- https://github.com/HimmelAward/Goby_POC
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection
- https://github.com/Loginsoft-Research/Linux-Exploit-Detection
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Shadowven/Vulnerability_Reproduction
- https://github.com/Threekiii/Awesome-POC
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109
- https://github.com/WhooAmii/POC_to_review
- https://github.com/WingsSec/Meppo
- https://github.com/Yang0615777/PocList
- https://github.com/Z0fhack/Goby_POC
- https://github.com/coco0x0a/CVE-2021-2109
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dinosn/CVE-2021-2109
- https://github.com/fardeen-ahmed/Bug-bounty-Writeups
- https://github.com/gnarkill78/CSA_S2_2024
- https://github.com/hktalent/bug-bounty
- https://github.com/huike007/penetration_poc
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/luck-ying/Library-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/r00t4dm/r00t4dm
- https://github.com/r0eXpeR/redteam_vul
- https://github.com/rabbitsafe/CVE-2021-2109
- https://github.com/somatrasss/weblogic2021
- https://github.com/soosmile/POC
- https://github.com/sp4zcmd/WeblogicExploit-GUI
- https://github.com/superfish9/pt
- https://github.com/tijldeneut/Security
- https://github.com/trhacknon/Pocingit
- https://github.com/tzwlhack/Vulnerability
- https://github.com/veo/vscan
- https://github.com/vulai-huaun/VTI-comal
- https://github.com/whoforget/CVE-POC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xanszZZ/pocsuite3-poc
- https://github.com/xiaoyaovo/2021SecWinterTask
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/yuaneuro/CVE-2021-2109_poc
- https://github.com/yyzsec/2021SecWinterTask
- https://github.com/zecool/cve