Cyber Resilience

CVE-2017-10271

Tags: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 19 October 2017

Modified: 21 April 2026
KEV Added: 10 February 2022
Patch
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.9444 (100.0th percentile)
Risk Priority: 92 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2017-10271 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Oracle WebLogic Server. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2017-10271 is a vulnerability in the WLS Security subcomponent of Oracle WebLogic Server within Oracle Fusion Middleware. It affects supported versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, and 12.2.1.2.0. The flaw is remotely exploitable over the T3 protocol without authentication and carries a CVSS 3.0 base score of 7.5 with an impact limited to availability.

An unauthenticated attacker with network access can exploit the issue to achieve takeover of the Oracle WebLogic Server instance. The attack requires no user interaction and succeeds due to missing authentication enforcement in the affected security component.

Oracle's October 2017 Critical Patch Update addresses the vulnerability through official patches for the listed versions. Public references, including exploit code on GitHub and Exploit-DB, confirm that working proof-of-concept implementations have been released.

The issue is tracked under CWE-306 and was published with references to SecurityFocus and SecurityTracker entries that point to the same Oracle advisory for remediation details.

EU & UK References

Vulnerability details

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CWE(s): CWE-306
KEV Date Added: 10 February 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Oracle
Product: WebLogic Server
Versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly enforces authentication requirements on T3 interfaces, blocking the unauthenticated remote access that enables server takeover in CVE-2017-10271.

Prevent: Mandates identification and authentication of all users before granting access to WebLogic security functions, directly mitigating the missing-authentication flaw (CWE-306).

Prevent: Requires timely application of the October 2017 Critical Patch Update that Oracle released specifically to correct the WLS Security authentication bypass.

References