PT-2007-4022 · Bea · Weblogic Integration+1

Publicado

2007-05-16

Atualizado

2017-07-29

CVE-2007-2705

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions BEA WebLogic Integration versions 9.2 before SP1 BEA WebLogic Workshop versions 8.1 SP2 through 8.1 SP6

Description A directory traversal issue exists in the Test View Console of BEA WebLogic Integration and WebLogic Workshop, allowing remote attackers to list a parent directory of the WebLogic Workshop Directory (wlwdir) when deployed in an exploded format.

Recommendations For BEA WebLogic Integration version 9.2 before SP1, update to SP1 or later to resolve the issue. For BEA WebLogic Workshop versions 8.1 SP2 through 8.1 SP6, consider restricting access to the Test View Console until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-2705

Produtos afetados

Weblogic Integration

Bea Weblogic Workshop

PT-2007-4022 · Bea · Weblogic Integration+1

CVE-2007-2705

Identificadores relacionados

Produtos afetados

Referências · 6