ID CVE-2007-2694
Summary Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:ga:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.0:ga:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.1:ga:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.1:ga:express:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-03-2011 - 02:54)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bea BEA07-80.03
osvdb 36075
secunia 25284
vupen ADV-2007-1815
Last major update 08-03-2011 - 02:54
Published 16-05-2007 - 01:19
Last modified 08-03-2011 - 02:54
Back to Top