CVE-2016-3510
Published on: 07/21/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:02 PM UTC
Certain versions of Weblogic Server from Oracle contain the following vulnerability:
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
- CVE-2016-3510 has been assigned by
[email protected] to track the vulnerability - currently rated as - currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 10 - HIGH
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Oracle Critical Patch Update - July 2016 | Patch Vendor Advisory www.oracle.com text/html |
![]() |
[R1] Oracle WebLogic Server weblogic.corba.utils.MarshallObject Java Deserialization Remote Code Execution - Research Advisory | Tenable® | www.tenable.com text/html |
![]() |
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities | Third Party Advisory VDB Entry cve.report (archive) text/html |
![]() |
Oracle WebLogic Server Flaws Let Remote Users Deny Service and Gain Elevated Privileges - SecurityTracker | www.securitytracker.com text/html |
![]() |
Oracle Weblogic Server Deserialization MarshalledObject Remote Code Execution ≈ Packet Storm | packetstormsecurity.com text/html |
![]() |
Exploit/POC from Github
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、C…
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Oracle | Weblogic Server | 10.3.6.0.0 | All | All | All |
Application | Oracle | Weblogic Server | 12.1.3.0.0 | All | All | All |
Application | Oracle | Weblogic Server | 12.2.1.0.0 | All | All | All |
Application | Oracle | Weblogic Server | 10.3.6.0.0 | All | All | All |
Application | Oracle | Weblogic Server | 12.1.3.0.0 | All | All | All |
Application | Oracle | Weblogic Server | 12.2.1.0.0 | All | All | All |
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:weblogic_server:12.2.1.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:weblogic_server:12.2.1.0.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE