PT-2003-1828 · Oracle · Weblogic Integration+3

Publicado

2003-09-04

Atualizado

2008-09-05

CVE-2003-0733

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: WebLogic Integration versions 2.0 through 7.0 WebLogic Server and Express versions 5.1 through 7.0 Liquid Data version 1.1

Description: The issue allows remote attackers to execute arbitrary web script and potentially steal authentication credentials. This can be achieved via a forward instruction to the Servlet container or through other vulnerabilities in the WebLogic Server console application.

Recommendations: For WebLogic Integration versions 2.0 through 7.0, update to a version that includes the fix for this issue. For WebLogic Server and Express versions 5.1 through 7.0, update to a version that includes the fix for this issue. For Liquid Data version 1.1, update to a version that includes the fix for this issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2003-0733

Produtos afetados

Liquid Data

Weblogic Express

Weblogic Integration

Oracle Weblogic Server

PT-2003-1828 · Oracle · Weblogic Integration+3

CVE-2003-0733

Identificadores relacionados

Produtos afetados

Referências · 4