PT-2007-4022 · Bea · Weblogic Integration+1

Published

2007-05-16

Updated

2017-07-29

CVE-2007-2705

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions BEA WebLogic Integration versions 9.2 before SP1 BEA WebLogic Workshop versions 8.1 SP2 through 8.1 SP6

Description A directory traversal issue exists in the Test View Console of BEA WebLogic Integration and WebLogic Workshop, allowing remote attackers to list a parent directory of the WebLogic Workshop Directory (wlwdir) when deployed in an exploded format.

Recommendations For BEA WebLogic Integration version 9.2 before SP1, update to SP1 or later to resolve the issue. For BEA WebLogic Workshop versions 8.1 SP2 through 8.1 SP6, consider restricting access to the Test View Console until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2705

Affected Products

Weblogic Integration

Bea Weblogic Workshop

PT-2007-4022 · Bea · Weblogic Integration+1

CVE-2007-2705

Related Identifiers

Affected Products

References · 6