PT-2014-1729 · Oracle · Oracle Weblogic Server

Published

2014-07-16

Updated

2018-10-09

CVE-2014-4254

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0 through 12.1.2.0

Description The issue allows remote attackers to compromise the confidentiality, integrity, and availability of data using WLS - Web Services. This affects the Oracle WebLogic Server component in Oracle Fusion Middleware.

Recommendations For versions 10.3.6.0 through 12.1.2.0, consider restricting access to WLS - Web Services until a patch is available. As a temporary workaround, consider disabling the use of WLS - Web Services in the affected Oracle WebLogic Server component until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-00742

CVE-2014-4254

Affected Products

Oracle Weblogic Server

PT-2014-1729 · Oracle · Oracle Weblogic Server

CVE-2014-4254

Related Identifiers

Affected Products

References · 11