Lucene search

[email protected]CVE-2003-0151

HistoryMar 24, 2003 - 5:00 a.m.

CVE-2003-0151

2003-03-2405:00:00

[email protected]

web.nvd.nist.gov

cve-2003-0151

bea weblogic server

access restriction

servlets

administrative functions

remote attackers

arbitrary files

code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.083 Low

EPSS

Percentile

94.4%

JSON

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

Affected configurations

NVD

Node

beaweblogic_serverMatch6.0

beaweblogic_serverMatch6.0express

beaweblogic_serverMatch6.0sp1

beaweblogic_serverMatch6.0sp1express

beaweblogic_serverMatch6.0sp2

beaweblogic_serverMatch6.0sp2express

beaweblogic_serverMatch6.1

beaweblogic_serverMatch6.1express

beaweblogic_serverMatch6.1sp1

beaweblogic_serverMatch6.1sp1express

beaweblogic_serverMatch6.1sp2

beaweblogic_serverMatch6.1sp2express

beaweblogic_serverMatch6.1sp3

beaweblogic_serverMatch6.1sp3express

beaweblogic_serverMatch6.1sp4

beaweblogic_serverMatch6.1sp4express

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0express

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp1express

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp2express

beaweblogic_serverMatch7.0.0.1

beaweblogic_serverMatch7.0.0.1express

beaweblogic_serverMatch7.0.0.1sp1

beaweblogic_serverMatch7.0.0.1sp1express

beaweblogic_serverMatch7.0.0.1sp2

beaweblogic_serverMatch7.0.0.1sp2express

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq6.0
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq7.0.0.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	6.0
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	7.0.0.1

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp

marc.info/?l=bugtraq&m=104792477914620&w=2

marc.info/?l=bugtraq&m=104792544515384&w=2

www.s21sec.com/en/avisos/s21sec-011-en.txt

www.securityfocus.com/bid/7122

www.securityfocus.com/bid/7124

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.083 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2003-0151

nvd1 cvelist1 nessus1 openvas1