CVE-2016-3510
CVE-2016-3510
Corrige pronto. tiene exploit funcional público.
Vexday Risk Score
40Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 91.4%KEV nãoPoC —Nuclei simMetasploit simPatch —
Ciclo de vida
19 jul 2016Exploit Metasploit disponible
21 jul 2016Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
Productos afectados
n/a · n/aReferencias
http://packetstormsecurity.com/files/152324/Oracle-Weblogic-Server-Deserialization-MarshalledObject-Remote-Code-Execution.htmlhttps://www.tenable.com/security/research/tra-2016-21http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1036373