PT-2005-5414 · Bea · Bea Weblogic Server+1
Published
2005-12-31
·
Updated
2018-09-27
·
CVE-2005-4751
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 6.1 SP7 and earlier
BEA WebLogic Server and WebLogic Express versions 7.0 SP6 and earlier
BEA WebLogic Server and WebLogic Express versions 8.1 SP4 and earlier
BEA WebLogic Server and WebLogic Express version 9.0
Description
The issue allows remote attackers to inject arbitrary web script or HTML, potentially gaining administrative privileges. The exact attack vectors are not specified.
Recommendations
For BEA WebLogic Server and WebLogic Express versions 6.1 SP7 and earlier, update to a version later than 6.1 SP7 to resolve the issue.
For BEA WebLogic Server and WebLogic Express versions 7.0 SP6 and earlier, update to a version later than 7.0 SP6 to resolve the issue.
For BEA WebLogic Server and WebLogic Express versions 8.1 SP4 and earlier, update to a version later than 8.1 SP4 to resolve the issue.
For BEA WebLogic Server and WebLogic Express version 9.0, update to a version later than 9.0 to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Bea Weblogic Server
Weblogic Express