Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2003-0151
Last Modified: 05 Sep 2008 04:33:37
Published: 24 Mar 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0151

Summary

BEA WebLogic Server and Express 6.0 through 7.0 do not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

Vulnerable Systems

Application

  • BEA WebLogic Server 6.0
  • BEA WebLogic Server 6.1
  • BEA WebLogic Server 7.0
  • BEA WebLogic Server 7.0.0.1

References

BUGTRAQ - 20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server

BUGTRAQ - 20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express

MISC - http://www.s21sec.com/en/avisos/s21sec-011-en.txt

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp

BID - 7124

BID - 7122


Last Updated: 27 May 2016 10:37:48