Description
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
References (7)
Core 7
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/168
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0313
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24295
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22776
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015528
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18592
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16358
Scores
EPSS
0.0032
EPSS Percentile
54.7%
Details
Status
published
Products (3)
bea/weblogic_server
6.1 sp1 (13 CPE variants)
bea/weblogic_server
7.0 sp1 (12 CPE variants)
bea/weblogic_server
8.1 sp1 (8 CPE variants)
Published
Jan 25, 2006
Tracked Since
Feb 18, 2026