CVE-2003-1290
BEA WebLogic Server & WebLogic Express <8.1 - Info Disclosure
Title source: llmDescription
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/162
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9034
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10218
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18396
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3064
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16215
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13752
Scores
EPSS
0.0049
EPSS Percentile
65.6%
Details
Status
published
Products (5)
bea/weblogic_server
6.0 (5 CPE variants)
bea/weblogic_server
6.1 (15 CPE variants)
bea/weblogic_server
7.0 (15 CPE variants)
bea/weblogic_server
7.0.0.1 (9 CPE variants)
bea/weblogic_server
8.1 (6 CPE variants)
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026