CVE-2017-10147

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.1, 12.2.1.2

Description The issue allows an unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle WebLogic Server, potentially impacting additional products.

Recommendations For versions 10.3.6.0, 12.1.3.0, 12.2.1.1, 12.2.1.2, consider restricting access to the T3 protocol to minimize the risk of exploitation. As a temporary workaround, consider disabling the ServerMigrationCoordinator class in the WebLogic/cluster/singleton module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.