PT-2003-1828 · Oracle · Weblogic Integration+3

Published

2003-09-04

Updated

2008-09-05

CVE-2003-0733

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: WebLogic Integration versions 2.0 through 7.0 WebLogic Server and Express versions 5.1 through 7.0 Liquid Data version 1.1

Description: The issue allows remote attackers to execute arbitrary web script and potentially steal authentication credentials. This can be achieved via a forward instruction to the Servlet container or through other vulnerabilities in the WebLogic Server console application.

Recommendations: For WebLogic Integration versions 2.0 through 7.0, update to a version that includes the fix for this issue. For WebLogic Server and Express versions 5.1 through 7.0, update to a version that includes the fix for this issue. For Liquid Data version 1.1, update to a version that includes the fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0733

Affected Products

Liquid Data

Weblogic Express

Weblogic Integration

Oracle Weblogic Server

PT-2003-1828 · Oracle · Weblogic Integration+3

CVE-2003-0733

Related Identifiers

Affected Products

References · 4