CVE-2003-0621

BEA Tuxedo 8.1 - Information Disclosure via INIFILE Path Manipulation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0621. PoCs published by Corsaire Limited.

AI-analyzed exploit summary The writeup describes multiple vulnerabilities in BEA Tuxedo and WebLogic Enterprise, including XSS, DoS, and file disclosure via unsanitized INIFILE parameter in the Tuxedo administration console. No actual exploit code is provided, only a description and example URL for XSS.

Description

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Corsaire Limited · textremotecgi
https://www.exploit-db.com/exploits/23312

The writeup describes multiple vulnerabilities in BEA Tuxedo and WebLogic Enterprise, including XSS, DoS, and file disclosure via unsanitized INIFILE parameter in the Tuxedo administration console. No actual exploit code is provided, only a description and example URL for XSS.

Classification
Writeup 90%
Attack Type
Xss | Dos | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: BEA Tuxedo and WebLogic Enterprise
No auth needed
Prerequisites: Access to the Tuxedo administration console URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106762000607681&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13559
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8931

Scores

EPSS 0.0693
EPSS Percentile 93.3%

Details

Status published
Products (9)
bea/tuxedo 6.3
bea/tuxedo 6.4
bea/tuxedo 6.5
bea/tuxedo 7.1
bea/tuxedo 8.0
bea/tuxedo 8.1
bea/weblogic_server 4.2
bea/weblogic_server 5.0.1
bea/weblogic_server 5.1
Published Dec 01, 2003
Tracked Since Feb 18, 2026