Description
BEA WebLogic Server and Express 6.0 through 7.0 do not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
References (6)
Core References
Various Sources (x_refsource_misc): http://www.s21sec.com/en/avisos/s21sec-011-en.txt
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=104792477914620&w=2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/7124
Various Sources (x_refsource_confirm): http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=104792544515384&w=2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/7122
Scores
EPSS: 0.0473
EPSS Percentile: 89.5%
Details
Status: published
Products (4)
bea/weblogic_server 6.0 (6 CPE variants)
bea/weblogic_server 6.1 (10 CPE variants)
bea/weblogic_server 7.0 (6 CPE variants)
bea/weblogic_server 7.0.0.1 (6 CPE variants)
Published: Mar 24, 2003
Tracked Since: Feb 18, 2026