Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0621

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0621
Last Modified 05 Sep 2008 04:34:48
Published 01 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0621

Summary

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.

Vulnerable Systems

Application

  • Bea Tuxedo 6.3

  • Bea Tuxedo 6.4

  • Bea Tuxedo 6.5

  • Bea Tuxedo 7.1

  • Bea Tuxedo 8.0

  • Bea Tuxedo 8.1

  • Bea Weblogic Server 4.2

  • Bea Weblogic Server 5.0.1

  • Bea Weblogic Server 5.1


References

BID - 8931

BUGTRAQ - 20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp

XF - bea-tuxedo-file-disclosure(13559)


Last Updated: 27 May 2016 10:37:59