7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.4%
WebLogic Server and WebLogic Express are application servers based on Java Platform Enterprise Edition 5 (JavaEE5) and provided by Oracle (formerly BEA Systems, Inc.). Plug-ins for Apache, Sun, and Microsoft IIS web servers which are included in WebLogic Server and WebLogic Express contain a directory traversal vulnerability.
A remote attacker could, without authentication, view files on the server where either WebLogic Server or WebLogic Express is installed. This could lead to unintentional disclosure of file contents.
Update the Software
Apply the latest update provided by the vendor.
For more information, refer to the vendorβs website.
Following plug-ins included in WebLogic Sever and WebLogic Express before 2008 July 15.