CVE Tools

Description

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

In plain language

AI Act now

CVE-2017-10271 is a WebLogic Server flaw that can be exploited from the network to take over servers, and because it has been used in real ransomware activity, typical small businesses running WebLogic should act now.

Executive summary

CVE-2017-10271 is an unauthenticated remote compromise of Oracle WebLogic Server (WLS Security) exposed over T3; it enables attacker-driven takeover that has been observed in ransomware campaigns (CISA KEV).

If affected, business impact
Full WebLogic server takeoverService outage or disruptionRansomware footholdMalicious remote control

What to do now

  1. Check whether your business uses Oracle WebLogic Server in affected versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, or 12.2.1.2.0.
  2. If you are affected, obtain the Oracle CPU guidance for CVE-2017-10271 and plan the upgrade path from your Oracle support/download channel.
  3. Upgrade WebLogic Server to the vendor-fixed release described in Oracle’s CPU remediation instructions for CVE-2017-10271 (follow the exact version/patch steps for your branch).
  4. If you cannot patch immediately, restrict network access so that the T3 channel is not reachable from the internet and only allowed from trusted networks (per Oracle’s security guidance), then re-check exposure after changes.
Patch / advisory Some work to apply

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High

Weaknesses

Affected Products

Oracle Corporation
commercial·USaka Oracle Corp., oracle
and 2 more affected products View all →

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Feb 10, 2022
Remediation due:Aug 10, 2022
Ransomware:Known ransomware use

Required action: Apply updates per vendor instructions.

3 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available

Attack Graph

Products CVE Techniques Tactics

Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/ + scroll to zoom, or go fullscreen.

MITRE ATT&CK

2 techniques
Initial Access
View detailed technique mapping

References

and 7 more references View all →
Could not load news mentions.

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2017-10271 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows