ID CVE-2007-2699
Summary The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*
CVSS
Base: 7.1 (as of 28-05-2019 - 17:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: SINGLE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:H/Au:S/C:C/I:C/A:C
refmap via4
bea BEA07-164.00
misc http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html
osvdb 36069
sectrack 1018057
secunia 25284
vupen ADV-2007-1815
xf weblogic-adminconsole-insecure-permissions(34289)
Last major update 28-05-2019 - 17:29
Published 16-05-2007 - 01:19
Last modified 28-05-2019 - 17:29