CVE-2007-4614

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/216	Patch
http://osvdb.org/45839
http://www.securityfocus.com/bid/22082	Patch
http://dev2dev.bea.com/pub/advisory/216	Patch
http://osvdb.org/45839
http://www.securityfocus.com/bid/22082	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:36

Type	Values Removed	Values Added
References	~~() http://dev2dev.bea.com/pub/advisory/216 - Patch~~	() http://dev2dev.bea.com/pub/advisory/216 - Patch
References	~~() http://osvdb.org/45839 -~~	() http://osvdb.org/45839 -
References	~~() http://www.securityfocus.com/bid/22082 - Patch~~	() http://www.securityfocus.com/bid/22082 - Patch

Information

Published : 2007-08-31 00:17

Updated : 2024-11-21 00:36

NVD link : CVE-2007-4614

Mitre link : CVE-2007-4614

CVE.ORG link : CVE-2007-4614

JSON object : View

Products Affected

bea

weblogic_server

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2007-4614", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-31T00:17:00.000", "references": [{"url": "http://dev2dev.bea.com/pub/advisory/216", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/45839", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22082", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://dev2dev.bea.com/pub/advisory/216", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/45839", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22082", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426."}, {"lang": "es", "value": "BEA WebLogic Server 9.1 no maneja adecuadamente la propagaci\u00f3n del registro de cambios de la pol\u00edtica de seguridad del servidor de administraci\u00f3n a servidores temporalmente no disponibles para su administraci\u00f3n, lo que puede permitir a atacante evitar las restricciones planeadas. Vulnerabilidad diferente a la CVE-2007-0426."}], "lastModified": "2024-11-21T00:36:01.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}