CVE-2017-10271

Confirmed PUBLISHED

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are...

Oracle Corporation · WebLogic Server
Exploited in the wild Active exploitation observed Used in malware PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
116
Unique Attacker IPs
26
CISA KEV
In CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
7.5 High EPSS 100.0%

At a Glance

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

malware cisa metasploit nuclei_scanner ransomware
CVE Published
Oct 19, 2017
Exploitation Reported
Feb 10, 2022
CVSS
7.5 High
EPSS
100.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Oracle Corporation
WebLogic Server

10.3.6.0.0

Affected
Oracle Corporation
WebLogic Server

12.1.3.0.0

Affected
Oracle Corporation
WebLogic Server

12.2.1.1.0

Affected
Oracle Corporation
WebLogic Server

12.2.1.2.0

Affected

CVE References

  • 43458 exploit-db.com · Exploit https://www.exploit-db.com/exploits/43458/
  • 43924 exploit-db.com · Exploit https://www.exploit-db.com/exploits/43924/
  • 1039608 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1039608
  • 101304 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/101304
  • GitHub — c0mmand3rOpSec/CVE-2017-10271 github.com · CVE Record https://github.com/c0mmand3rOpSec/CVE-2017-10271
Show 1 more reference

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.