Japan Vulnerability Notes (JVN), JVN:81667751
Jul 18, 2008 - 12:00 a.m.

JVN#81667751 Directory traversal vulnerability in WebLogic Server and WebLogic Express plug-ins

jvn.jp

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.006 Low
Percentile: 78.4%

WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 (JavaEE5) and provided by Oracle (formerly BEA Systems, Inc.). Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability.

Impact

A remote attacker could, without authentication, view files on the server where either WebLogic Server or WebLogic Express is installed. This could lead to unintentional disclosure of file contents.

Solution

Update the Software
Apply the latest update provided by the vendor.
For more information, refer to the vendor’s website.

Products Affected

The following plug-ins included in WebLogic Server and WebLogic Express before 2008 July 15:

  • Plug-in for Apache
  • Plug-in for NSAPI (Netscape Server Application Program Interface)
  • Plug-in for ISAPI (Internet Server Application Program Interface)

For more information, refer to the vendor’s website.
