ID OSVDB:9972 Type osvdb Reporter BEA Systems() Modified 2004-09-13T00:00:00
Description
Vulnerability Description
WebLogic Server and WebLogic Express contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL, which will disclose system configuration information and allow for modification of system configuration resulting in a loss of confidentiality and/or integrity.
Solution Description
Upgrade to version 8.1 SP3 or higher, as it has been reported to fix this vulnerability. Users of 7.0 should upgrade to Service Pack 5 and apply the vendor patch, as it has been reported to fix this vulnerability.
{"type": "osvdb", "published": "2004-09-13T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:9972", "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 0, "edition": 1, "reporter": "BEA Systems()", "title": "BEA WebLogic weblogic.Admin Arbitrary Command Execution", "affectedSoftware": [{"operator": "eq", "version": "7.0 SP5", "name": "WebLogic Server and WebLogic Express"}, {"operator": "eq", "version": "8.1 SP1", "name": "WebLogic Server and WebLogic Express"}, {"operator": "eq", "version": "7.0 SP2", "name": "WebLogic Server and WebLogic Express"}, {"operator": "eq", "version": "7.0 SP3", "name": "WebLogic Server and WebLogic Express"}, {"operator": "eq", "version": "7.0", "name": "WebLogic Server and WebLogic Express"}, {"operator": "eq", "version": "8.1", "name": "WebLogic Server and WebLogic Express"}, {"operator": "eq", "version": "7.0 SP4", "name": "WebLogic Server and WebLogic Express"}, {"operator": "eq", "version": "8.1 SP2", "name": "WebLogic Server and WebLogic Express"}, {"operator": "eq", "version": "7.0 SP1", "name": "WebLogic Server and WebLogic Express"}], "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2017-04-28T13:20:05", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:05", "rev": 2}, "vulnersScore": 0.3}, "references": [], "id": "OSVDB:9972", "lastseen": "2017-04-28T13:20:05", "cvelist": [], "modified": "2004-09-13T00:00:00", "description": "## Vulnerability Description\nWebLogic Server and WebLogic Express contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL, which will disclose system configuration information and allow for modification of system configuration resulting in a loss of confidentiality and/or integrity.\n## Solution Description\nUpgrade to version 8.1 SP3 or higher, as it has been reported to fix this vulnerability. Users of 7.0 should ugrade to Service Pack 5 and apply the vendor patch, as it has been reported to fix this vulnerability.\n## Short Description\nWebLogic Server and WebLogic Express contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL, which will disclose system configuration information and allow for modification of system configuration resulting in a loss of confidentiality and/or integrity.\n## References:\nVendor URL: http://www.bea.com/\n[Vendor Specific Advisory URL](http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-66.00.jsp)\n[Secunia Advisory ID:12524](https://secuniaresearch.flexerasoftware.com/advisories/12524/)\n[Related OSVDB ID: 9974](https://vulners.com/osvdb/OSVDB:9974)\n[Related OSVDB ID: 9978](https://vulners.com/osvdb/OSVDB:9978)\n[Related OSVDB ID: 9973](https://vulners.com/osvdb/OSVDB:9973)\n[Related OSVDB ID: 9975](https://vulners.com/osvdb/OSVDB:9975)\n[Related OSVDB ID: 9976](https://vulners.com/osvdb/OSVDB:9976)\n[Related OSVDB ID: 9977](https://vulners.com/osvdb/OSVDB:9977)\nKeyword: BEA04-66.00\n"}