Lucene search

[email protected]CVE-2006-1352

HistoryMar 22, 2006 - 1:02 a.m.

CVE-2006-1352

2006-03-2201:02:00

[email protected]

web.nvd.nist.gov

bea weblogic server

weblogic express

cve-2006-1352

nvd

denial of service

memory exhaustion

xml

security vulnerability

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

90.2%

JSON

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.

Affected configurations

NVD

Node

beaweblogic_serverMatch6.1express

beaweblogic_serverMatch6.1win32

beaweblogic_serverMatch6.1sp1express

beaweblogic_serverMatch6.1sp1win32

beaweblogic_serverMatch6.1sp2express

beaweblogic_serverMatch6.1sp2win32

beaweblogic_serverMatch6.1sp3express

beaweblogic_serverMatch6.1sp4express

beaweblogic_serverMatch6.1sp4win32

beaweblogic_serverMatch6.1sp5express

beaweblogic_serverMatch6.1sp5win32

beaweblogic_serverMatch6.1sp6express

beaweblogic_serverMatch6.1sp6win32

beaweblogic_serverMatch6.1sp7express

beaweblogic_serverMatch6.1sp7win32

beaweblogic_serverMatch7.0sp1express

beaweblogic_serverMatch7.0sp1win32

beaweblogic_serverMatch7.0sp2express

beaweblogic_serverMatch7.0sp3express

beaweblogic_serverMatch7.0sp3win32

beaweblogic_serverMatch7.0sp4express

beaweblogic_serverMatch7.0sp4win32

beaweblogic_serverMatch7.0sp5express

beaweblogic_serverMatch7.0sp5win32

beaweblogic_serverMatch7.0sp6express

beaweblogic_serverMatch7.0sp6win32

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1win32

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp1win32

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp2win32

beaweblogic_serverMatch8.1sp3express

beaweblogic_serverMatch8.1sp3win32

beaweblogic_serverMatch8.1sp4express

beaweblogic_serverMatch8.1sp4win32

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/pub/advisory/183

secunia.com/advisories/19310

securitytracker.com/id?1015790

www.securityfocus.com/bid/17167

www.vupen.com/english/advisories/2006/1021

exchange.xforce.ibmcloud.com/vulnerabilities/25348

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for CVE-2006-1352

nvd1 prion1 cvelist1