PT-2007-4012 · Bea · Oracle Weblogic Server+1

Published: 2007-05-16 · Updated: 2017-07-29 · CVE-2007-2695

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Express and WebLogic Server versions 6.1 through SP7
BEA WebLogic Express and WebLogic Server versions 7.0 through SP7
BEA WebLogic Express and WebLogic Server versions 8.1 through SP5
BEA WebLogic Express and WebLogic Server version 9.0
BEA WebLogic Express and WebLogic Server version 9.1

Description

The issue allows remote attackers to access administrative data or functionality when SecureProxy is enabled. This is due to the HttpClusterServlet and HttpProxyServlet processing external requests on behalf of a system identity.

Recommendations

The same recommendation applies to every affected release: BEA WebLogic Express and WebLogic Server versions 6.1 through SP7, versions 7.0 through SP7, versions 8.1 through SP5, version 9.0 and version 9.1. Consider disabling SecureProxy to prevent external requests from being processed on behalf of a system identity.
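
To find deployments where the recommendation applies, the following added example (not part of the original advisory or of any vendor tooling) scans a `web.xml` descriptor for proxy servlets that have SecureProxy switched on. It assumes the servlets are registered under the class names `weblogic.servlet.proxy.HttpClusterServlet` and `weblogic.servlet.proxy.HttpProxyServlet` with a `SecureProxy` init-param set to `ON`; the function name and the sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed class names under which the two proxy servlets are registered.
PROXY_SERVLETS = {"weblogic.servlet.proxy.HttpClusterServlet",
                  "weblogic.servlet.proxy.HttpProxyServlet"}

def local(tag):
    """Strip an XML namespace so DTD-style and namespaced web.xml both match."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Return the trimmed text of the first direct child called `name`."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def find_secureproxy_servlets(web_xml_text):
    """Return servlet-names of proxy servlets whose SecureProxy param is ON."""
    findings = []
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if local(servlet.tag) != "servlet":
            continue
        if child_text(servlet, "servlet-class") not in PROXY_SERVLETS:
            continue
        for param in servlet:
            if local(param.tag) != "init-param":
                continue
            # Compare case-insensitively; descriptors vary in spelling.
            if (child_text(param, "param-name").lower() == "secureproxy"
                    and child_text(param, "param-value").upper() == "ON"):
                findings.append(child_text(servlet, "servlet-name"))
    return findings

# Constructed sample descriptor, not taken from any real deployment.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>ClusterProxy</servlet-name>
    <servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
    <init-param><param-name>WebLogicCluster</param-name><param-value>app1.example:7001</param-value></init-param>
    <init-param><param-name>SecureProxy</param-name><param-value>ON</param-value></init-param>
  </servlet>
  <servlet>
    <servlet-name>PlainProxy</servlet-name>
    <servlet-class>weblogic.servlet.proxy.HttpProxyServlet</servlet-class>
    <init-param><param-name>SecureProxy</param-name><param-value>OFF</param-value></init-param>
  </servlet>
</web-app>"""
```

Calling `find_secureproxy_servlets(SAMPLE_WEB_XML)` reports only the servlet that still has SecureProxy enabled; an empty list means no proxy servlet in that descriptor needs the change.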


Related identifiers

CVE-2007-2695

Affected products

Weblogic Express
Oracle Weblogic Server