ID CVE-2010-2375
Summary Package/Privilege: Plugins for Apache, Sun and IIS web servers. Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:7.0:sp7
    cpe:2.3:a:bea:weblogic_server:7.0:sp7
  • BEA Systems WebLogic Server 8.1 SP6
    cpe:2.3:a:bea:weblogic_server:8.1:sp6
  • BEA Systems WebLogic Server 9.0
    cpe:2.3:a:bea:weblogic_server:9.0
  • BEA Systems WebLogic Server 9.1
    cpe:2.3:a:bea:weblogic_server:9.1
  • cpe:2.3:a:bea:weblogic_server:9.2:mp3
    cpe:2.3:a:bea:weblogic_server:9.2:mp3
  • cpe:2.3:a:bea_systems:weblogic_server:10.0:mp2
    cpe:2.3:a:bea_systems:weblogic_server:10.0:mp2
  • Oracle Weblogic Server 10.3.2.0.0
    cpe:2.3:a:oracle:weblogic_server:10.3.2.0.0
  • Oracle Weblogic Server 10.3.3.0.0
    cpe:2.3:a:oracle:weblogic_server:10.3.3.0.0
CVSS
Base: 6.4 (as of 14-07-2010 - 14:15)
Impact:
Exploitability:
Access
Vector   Complexity  Authentication
NETWORK  LOW         NONE
Impact
Confidentiality  Integrity  Availability
PARTIAL          PARTIAL    NONE
exploit-db via4
description Oracle WebLogic Server 10.3.3 Encoded URL Remote Vulnerability. CVE-2010-2375. Remote exploits for multiple platforms
id EDB-ID:34312
last seen 2016-02-03
modified 2010-07-13
published 2010-07-13
reporter Timothy D. Morgan
source https://www.exploit-db.com/download/34312/
title Oracle WebLogic Server <= 10.3.3 Encoded URL Remote Vulnerability
nessus via4
NASL family Web Servers
NASL id WEBLOGIC_PLUGIN_HTTP_INJECTION.NASL
description The remote web server is using the WebLogic plug-in for Apache, IIS, or Sun web servers, a module included with Oracle (formerly BEA) WebLogic Server and used to proxy requests from an HTTP server to WebLogic. The version of this plug-in on the remote host is affected by an HTTP injection vulnerability because it fails to sanitize request headers of special characters, such as new lines, before passing them to WebLogic application servers. An unauthenticated, remote attacker may be able to exploit this issue to conduct a variety of attacks, such as trusted header injection and HTTP request smuggling.
last seen 2019-01-16
modified 2018-11-15
plugin id 47898
published 2010-07-29
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=47898
title Oracle WebLogic Server Plug-in HTTP Injection
packetstorm via4
data source https://packetstormsecurity.com/files/download/91791/weblogic-inject.txt
id PACKETSTORM:91791
last seen 2016-12-05
published 2010-07-14
reporter George D. Gal
source https://packetstormsecurity.com/files/91791/WebLogic-Plugin-HTTP-Injection-Via-Encoded-URLs.html
title WebLogic Plugin HTTP Injection Via Encoded URLs
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Last major update 22-10-2012 - 23:25
Published 13-07-2010 - 18:30
Last modified 30-10-2018 - 12:27