PT-2007-4016 · Bea · Bea Weblogic Server+1

Published 2007-05-16 · Updated 2019-05-28 · CVE-2007-2699

CVSS v2.0: 7.1 High

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 9.0 through 9.1
BEA WebLogic Express versions 9.0 through 9.1

Description

The issue is related to the Administration Console in the affected software, which fails to properly enforce certain Domain Security Policies. This allows remote administrative users in the Deployer role to upload arbitrary files.

Recommendations

For BEA WebLogic Server versions 9.0 through 9.1, restrict access to the Administration Console to minimize the risk of exploitation.
For BEA WebLogic Express versions 9.0 through 9.1, consider disabling file upload functionality for the Deployer role until a fix is available.

Fix

Related Identifiers

CVE-2007-2699

Affected Products

Bea Weblogic Express
Bea Weblogic Server