7.6 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
90.8%
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process “external requests on behalf of a system identity,” which allows remote attackers to access administrative data or functionality.
dev2dev.bea.com/pub/advisory/227
dev2dev.bea.com/pub/advisory/274
osvdb.org/36074
secunia.com/advisories/25284
secunia.com/advisories/29041
securitytracker.com/id?1018057
www.vupen.com/english/advisories/2007/1815
www.vupen.com/english/advisories/2008/0612/references
exchange.xforce.ibmcloud.com/vulnerabilities/34282