ID CVE-2007-2696
Summary The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bea BEA07-160.00
osvdb 36073
sectrack 1018057
secunia 25284
vupen ADV-2007-1815
xf weblogic-jms-security-bypass(34284)
Last major update 29-07-2017 - 01:31
Published 16-05-2007 - 01:19
Last modified 29-07-2017 - 01:31
Back to Top