Lucene search
Copyright (C) 2010 Greenbone AGOPENVAS:1361412562310100714HistoryJul 14, 2010 - 12:00 a.m.
Oracle WebLogic Server Encoded URL Remote Vulnerability
2010-07-1400:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
41
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.004
Percentile
72.4%
Oracle WebLogic Server is prone to a remote vulnerability.
The vulnerability can be exploited over the
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:bea:weblogic_server";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.100714");
script_version("2023-07-28T16:09:07+0000");
script_tag(name:"last_modification", value:"2023-07-28 16:09:07 +0000 (Fri, 28 Jul 2023)");
script_tag(name:"creation_date", value:"2010-07-14 13:50:55 +0200 (Wed, 14 Jul 2010)");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_cve_id("CVE-2010-2375");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Oracle WebLogic Server Encoded URL Remote Vulnerability");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41620");
script_xref(name:"URL", value:"http://www.vsecurity.com/resources/advisory/20100713-1/");
script_xref(name:"URL", value:"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html");
script_tag(name:"qod_type", value:"remote_banner");
script_category(ACT_GATHER_INFO);
script_family("Web Servers");
script_copyright("Copyright (C) 2010 Greenbone AG");
script_dependencies("gb_oracle_weblogic_consolidation.nasl");
script_mandatory_keys("oracle/weblogic/detected");
script_tag(name:"solution", value:"Vendor updates are available. Please contact the vendor for more information.");
script_tag(name:"summary", value:"Oracle WebLogic Server is prone to a remote vulnerability.
The vulnerability can be exploited over the 'HTTP' protocol. For an exploit to succeed, the attacker must have
'Plugins for Apache, Sun and IIS web servers' privileges.
This vulnerability affects the following supported versions:
7. SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, 10.3.3");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!version = get_app_version(cpe: CPE, nofork: TRUE))
exit(0);
if (version_is_less_equal(version: version, test_version: "10.3.3")) {
report = report_fixed_ver(installed_version: version, fixed_version: "See reference");
security_message(port: 0, data: report);
exit(0);
}
exit(99);
Related
openvas
openvas
Oracle WebLogic Server Encoded URL Remote Vulnerability
2010-07-14 00:00:00
nvd
nvd
CVE-2010-2375
2010-07-13 22:30:02
cve
cve
CVE-2010-2375
2010-07-13 22:30:02
cvelist
cvelist
CVE-2010-2375
2010-07-13 22:07:00
securityvulns
securityvulns
CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs
2010-07-15 00:00:00
Oracle / Sun applications multiple security vulneraebilities
2010-07-20 00:00:00
Oracle Critical Patch Update Advisory - July 2010
2010-07-15 00:00:00
packetstorm
packetstorm
WebLogic Plugin HTTP Injection Via Encoded URLs
2010-07-14 00:00:00
prion
prion
Buffer overflow
2010-07-13 22:30:00
exploitdb
exploitdb
Oracle WebLogic Server 10.3.3 - Encoded URL
2010-07-13 00:00:00
nessus
nessus
Oracle WebLogic Server Plug-in HTTP Injection
2010-07-29 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - July 2010
2010-07-13 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.004
Percentile
72.4%
Related for OPENVAS:1361412562310100714