CVE-2003-0151

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
http://marc.info/?l=bugtraq&m=104792477914620&w=2
http://marc.info/?l=bugtraq&m=104792544515384&w=2
http://www.s21sec.com/en/avisos/s21sec-011-en.txt
http://www.securityfocus.com/bid/7122
http://www.securityfocus.com/bid/7124
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
http://marc.info/?l=bugtraq&m=104792477914620&w=2
http://marc.info/?l=bugtraq&m=104792544515384&w=2
http://www.s21sec.com/en/avisos/s21sec-011-en.txt
http://www.securityfocus.com/bid/7122
http://www.securityfocus.com/bid/7124

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server:6.0:::::::*
	cpe:2.3:a:bea:weblogic_server:6.0::express:::::
	cpe:2.3:a:bea:weblogic_server:6.0:sp1::::::
	cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:6.0:sp2::::::
	cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:6.1:::::::*
	cpe:2.3:a:bea:weblogic_server:6.1::express:::::
	cpe:2.3:a:bea:weblogic_server:6.1:sp1::::::
	cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:6.1:sp2::::::
	cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:6.1:sp3::::::
	cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:::::*
	cpe:2.3:a:bea:weblogic_server:6.1:sp4::::::
	cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0::express:::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0.0.1::express:::::
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1::::::
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2::::::
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:::::*

History

20 Nov 2024, 23:44

Type	Values Removed	Values Added
References	~~() http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp -~~	() http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp -
References	~~() http://marc.info/?l=bugtraq&m=104792477914620&w=2 -~~	() http://marc.info/?l=bugtraq&m=104792477914620&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=104792544515384&w=2 -~~	() http://marc.info/?l=bugtraq&m=104792544515384&w=2 -
References	~~() http://www.s21sec.com/en/avisos/s21sec-011-en.txt -~~	() http://www.s21sec.com/en/avisos/s21sec-011-en.txt -
References	~~() http://www.securityfocus.com/bid/7122 -~~	() http://www.securityfocus.com/bid/7122 -
References	~~() http://www.securityfocus.com/bid/7124 -~~	() http://www.securityfocus.com/bid/7124 -

Information

Published : 2003-03-24 05:00

Updated : 2024-11-20 23:44

NVD link : CVE-2003-0151

Mitre link : CVE-2003-0151

CVE.ORG link : CVE-2003-0151

JSON object : View

Products Affected

bea

weblogic_server

CWE

NVD-CWE-Other

7.5 /10