PT-2007-4011 · Bea · Bea Weblogic Server+1
Publicado
2007-05-16
·
Atualizado
2011-03-08
·
CVE-2007-2694
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Express and WebLogic Server versions 6.1 through SP7
BEA WebLogic Express and WebLogic Server versions 7.0 through SP7
BEA WebLogic Express and WebLogic Server versions 8.1 through SP5
BEA WebLogic Express and WebLogic Server version 9.0 GA
BEA WebLogic Express and WebLogic Server version 9.1 GA
Description
The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks.
Recommendations
For versions 6.1 through SP7, update to a version later than SP7 to resolve the issue.
For versions 7.0 through SP7, update to a version later than SP7 to resolve the issue.
For versions 8.1 through SP5, update to a version later than SP5 to resolve the issue.
For version 9.0 GA, update to a later version to resolve the issue.
For version 9.1 GA, update to a later version to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Bea Weblogic Express
Bea Weblogic Server