PT-2003-1401 · Bea · Bea Weblogic Server

Lluis Mora · Published 2003-03-21 · Updated 2016-10-18 · CVE-2003-0151

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: BEA WebLogic Server and Express versions 6.0 through 7.0
Description: The issue allows remote attackers to read arbitrary files or execute arbitrary code due to improper restriction of access to certain internal servlets that perform administrative functions.
Recommendations: For versions 6.0 through 7.0, restrict access to internal servlets that perform administrative functions to prevent remote attackers from reading arbitrary files or executing arbitrary code.


Related Identifiers

CVE-2003-0151

Affected Products

Bea Weblogic Server