### [CVE-2017-3506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3506)
![](https://img.shields.io/static/v1?label=Product&message=WebLogic%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=10.3.6.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.3.6.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=12.1.3.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=12.1.3.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=12.2.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=12.2.1.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=12.2.1.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=12.2.1.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=12.2.1.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=12.2.1.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Difficult%20to%20exploit%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20HTTP%20to%20compromise%20Oracle%20WebLogic%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20creation%2C%20deletion%20or%20modification%20access%20to%20critical%20data%20or%20all%20Oracle%20WebLogic%20Server%20accessible%20data%20as%20well%20as%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20WebLogic%20Server%20accessible%20data.&color=brightgreen)

### Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

### POC

#### Reference
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

#### Github
- https://github.com/0day666/Vulnerability-verification
- https://github.com/0xn0ne/weblogicScanner
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/5l1v3r1/CVE-2017-10274
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/Al1ex/CVE-2017-3506
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/Bywalks/WeblogicScan
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/ChalkingCode/ExploitedDucks
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GhostTroops/TOP
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/Hatcat123/my_stars
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/JasonLOU/WeblogicScan-master
- https://github.com/Kamiya767/CVE-2019-2725
- https://github.com/MacAsure/WL_Scan_GO
- https://github.com/Maskhe/javasec
- https://github.com/Micr067/CMS-Hunter
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Ostorlab/KEV
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/ParrotSec-CN/ParrotSecCN_Community_QQbot
- https://github.com/QChiLan/weblogic
- https://github.com/QChiLan/weblogicscanner
- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories
- https://github.com/SecWiki/CMS-Hunter
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ShyTangerine/WL_Scan_GO
- https://github.com/Weik1/Artillery
- https://github.com/XHSecurity/Oracle-WebLogic-CVE-2017-10271
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/RedTeamer
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/aiici/weblogicAllinone
- https://github.com/awake1t/Awesome-hacking-tools
- https://github.com/bigblackhat/oFx
- https://github.com/bmcculley/CVE-2017-10271
- https://github.com/cqkenuo/Weblogic-scan
- https://github.com/cross2to/betaseclab_tools
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/diggid4ever/Weblogic-XMLDecoder-POC
- https://github.com/djytmdj/Tool_Summary
- https://github.com/dr0op/WeblogicScan
- https://github.com/feiweiliang/XMLDecoder_unser
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/forhub2021/weblogicScanner
- https://github.com/heane404/CVE_scan
- https://github.com/hktalent/TOP
- https://github.com/hmoytx/weblogicscan
- https://github.com/huan-cdm/secure_tools_link
- https://github.com/ianxtianxt/CVE-2017-3506
- https://github.com/iceberg-N/WL_Scan_GO
- https://github.com/jbmihoub/all-poc
- https://github.com/kenuoseclab/Weblogic-scan
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/koutto/jok3r-pocs
- https://github.com/langu-xyz/JavaVulnMap
- https://github.com/lanmaovp-dev/shexiangshi-cm-YVJsF2HuAHndPiLB
- https://github.com/lnick2023/nicenice
- https://github.com/lonehand/Oracle-WebLogic-CVE-2017-10271-master
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/nihaohello/N-MiddlewareScan
- https://github.com/north-vuln-intel/nuclei-nvi
- https://github.com/openx-org/BLEN
- https://github.com/password520/RedTeamer
- https://github.com/peterpeter228/Oracle-WebLogic-CVE-2017-10271
- https://github.com/pimps/CVE-2019-2725
- https://github.com/pwnagelabs/VEF
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/qi4L/WeblogicScan-go
- https://github.com/qi4L/WeblogicScan.go
- https://github.com/rabbitmask/WeblogicScan
- https://github.com/rabbitmask/WeblogicScanLot
- https://github.com/rabbitmask/WeblogicScanServer
- https://github.com/safe6Sec/WeblogicVuln
- https://github.com/safe6Sec/wlsEnv
- https://github.com/sahabrifki/erpscan
- https://github.com/soosmile/cms-V
- https://github.com/superfish9/pt
- https://github.com/syadg123/WeblogicScan
- https://github.com/tanjiti/sec_profile
- https://github.com/theguly/stars
- https://github.com/trganda/starrlist
- https://github.com/veo/vscan
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoadmin/pocs
- https://github.com/wr0x00/Lizard
- https://github.com/wr0x00/Lsploit
- https://github.com/wukong-bin/weblogiscan
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/yige666/CMS-Hunter
- https://github.com/zema1/oracle-vuln-crawler
- https://github.com/zzwlpx/weblogic