PT-2007-1883 · Bea · Bea Weblogic Server

Published: 2007-01-23 · Updated: 2018-10-17 · CVE-2007-0412

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 6.1 through 6.1 SP7
BEA WebLogic Server versions 7.0 through 7.0 SP7
BEA WebLogic Server versions 8.1 through 8.1 SP5

Description

The issue allows remote attackers to read arbitrary files from locations listed in the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.

Recommendations

For BEA WebLogic Server versions 6.1 through 6.1 SP7, consider restricting access to .ear and exploded .ear files to minimize the risk of exploitation.
For BEA WebLogic Server versions 7.0 through 7.0 SP7, avoid using the manifest class-path property to point to utility jar files until the issue is resolved.
For BEA WebLogic Server versions 8.1 through 8.1 SP5, restrict the class-path property to only include necessary files and directories to reduce the attack surface.
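The manifest audit the recommendations call for, as an added example (not a BEA, Oracle or Positive Technologies tool): it parses the MANIFEST.MF of a module inside an exploded .ear and flags Class-Path entries that expose whole directories or resolve outside the application root. The sample manifest is constructed for the example.

```python
"""Audit the Class-Path attribute in an exploded .ear's MANIFEST.MF.

Added example for this advisory, not vendor code. It flags the broad
Class-Path entries the recommendations say to avoid: whole directories,
and entries that resolve outside the application root.
"""
from posixpath import join, normpath

# Constructed sample. The JAR manifest format wraps long values at 72 bytes
# and continues them on a line starting with a single space; the continuation
# is joined without a separator, so the trailing space before "\r\n" matters.
SAMPLE_MANIFEST = (
    "Manifest-Version: 1.0\r\n"
    "Class-Path: lib/util.jar lib/ common/ \r\n"
    " ../shared/tools.jar\r\n"
    "Created-By: constructed-example\r\n"
)


def parse_manifest(text):
    """Return main-section attributes as {lowercase-name: value}."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break                      # a blank line ends the main section
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:]    # continuation line, joined directly
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()    # attribute names are case-insensitive
        attrs[last] = value.lstrip()
    return attrs


def audit_class_path(manifest_text, manifest_dir=""):
    """Return (entry, reason) pairs that deserve review.

    manifest_dir is the directory of the module owning the manifest,
    relative to the .ear root; Class-Path entries resolve relative to it.
    """
    findings = []
    for entry in parse_manifest(manifest_text).get("class-path", "").split():
        resolved = normpath(join(manifest_dir, entry))
        if entry.startswith("/") or resolved == ".." or resolved.startswith("../"):
            findings.append((entry, "resolves outside the application root"))
        elif entry.endswith("/"):
            findings.append((entry, "directory entry exposes every file beneath it"))
    return findings


if __name__ == "__main__":
    for entry, reason in audit_class_path(SAMPLE_MANIFEST):
        print(f"{entry}: {reason}")
```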

Fix


Related Identifiers

CVE-2007-0412

Affected Products

Bea Weblogic Server