ID CVE-2003-0151
Summary BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.0:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 02:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 7122
  • 7124
bugtraq
  • 20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server
  • 20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express
confirm http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
misc http://www.s21sec.com/en/avisos/s21sec-011-en.txt
Last major update 18-10-2016 - 02:30
Published 24-03-2003 - 05:00
Last modified 18-10-2016 - 02:30