ID CVE-2005-1380
Summary Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
References
Vulnerable Configurations
  • BEA Systems WebLogic Server 8.1
    cpe:2.3:a:bea:weblogic_server:8.1
  • cpe:2.3:a:bea:weblogic_server:8.1:-:express
    cpe:2.3:a:bea:weblogic_server:8.1:-:express
  • cpe:2.3:a:bea:weblogic_server:8.1:-:win32
    cpe:2.3:a:bea:weblogic_server:8.1:-:win32
  • BEA Systems WebLogic Server 8.1 SP1
    cpe:2.3:a:bea:weblogic_server:8.1:sp1
  • BEA Systems WebLogic Express 8.1 SP1
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:express
  • BEA Systems WebLogic Server 8.1 SP1 Win32
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32
  • BEA Systems WebLogic Server 8.1 SP2
    cpe:2.3:a:bea:weblogic_server:8.1:sp2
  • BEA Systems WebLogic Express 8.1 SP2
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:express
  • BEA Systems WebLogic Server 8.1 SP2 Win32
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32
  • BEA Systems WebLogic Server 8.1 SP3
    cpe:2.3:a:bea:weblogic_server:8.1:sp3
  • BEA Systems WebLogic Express 8.1 SP3
    cpe:2.3:a:bea:weblogic_server:8.1:sp3:express
  • BEA Systems WebLogic Server 8.1 SP3 Win32
    cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32
  • BEA Systems WebLogic Server 8.1 SP4
    cpe:2.3:a:bea:weblogic_server:8.1:sp4
  • BEA Systems WebLogic Express 8.1 SP4
    cpe:2.3:a:bea:weblogic_server:8.1:sp4:express
  • BEA Systems WebLogic Server 8.1 SP4 Win32
    cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32
CVSS
Base: 6.8 (as of 12-05-2005 - 17:05)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
NASL family Web Servers
NASL id BEA_81SP4_MULT_VULNS.NASL
description According to its banner, the remote host is running a version of BEA WebLogic Server or WebLogic Express that is prone to multiple vulnerabilities. These flaws could lead to buffer overflows, denial of service, unauthorized access, cross-site scripting attacks, and information disclosure.
last seen 2019-01-16
modified 2018-11-15
plugin id 18365
published 2005-05-24
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=18365
title BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)
refmap via4
bid 13400
bugtraq 20050428 Cross Site Scripting in BEA Admin Console
misc http://www.red-database-security.com/advisory/bea_css_in_admin_console.html
osvdb 15895
sectrack 1013817
secunia 15128
xf weblogic-jndiframesetaction-xss(20276)
Last major update 17-10-2016 - 23:19
Published 03-05-2005 - 00:00
Last modified 10-07-2017 - 21:32