PT-2007-4011 · Bea · Bea Weblogic Server+1

Published

2007-05-16

Updated

2011-03-08

CVE-2007-2694

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions BEA WebLogic Express and WebLogic Server versions 6.1 through SP7 BEA WebLogic Express and WebLogic Server versions 7.0 through SP7 BEA WebLogic Express and WebLogic Server versions 8.1 through SP5 BEA WebLogic Express and WebLogic Server version 9.0 GA BEA WebLogic Express and WebLogic Server version 9.1 GA

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks.

Recommendations For versions 6.1 through SP7, update to a version later than SP7 to resolve the issue. For versions 7.0 through SP7, update to a version later than SP7 to resolve the issue. For versions 8.1 through SP5, update to a version later than SP5 to resolve the issue. For version 9.0 GA, update to a later version to resolve the issue. For version 9.1 GA, update to a later version to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2694

Affected Products

Bea Weblogic Express

Bea Weblogic Server

PT-2007-4011 · Bea · Bea Weblogic Server+1

CVE-2007-2694

Related Identifiers

Affected Products

References · 6