CVE-2007-2699
Oracle Application Testing Suite WebLogic Server Administration Console War Deployment
Severity Score
7.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
La Consola de Administración en BEA WebLogic Express y WebLogic Server 9.0 y 9.1 no hace cumplir correctamente ciertas Políticas de Seguridad del Dominio, lo cual permite a usuarios administradores remotos en el rol de Desplegador (Deployer) enviar ficheros de su elección.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-05-15 CVE Reserved
- 2007-05-16 CVE Published
- 2024-04-26 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://dev2dev.bea.com/pub/advisory/231 | 2019-05-28 | |
http://securitytracker.com/id?1018057 | 2019-05-28 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/25284 | 2019-05-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Bea Search vendor "Bea" | Weblogic Server Search vendor "Bea" for product "Weblogic Server" | 9.0 Search vendor "Bea" for product "Weblogic Server" and version "9.0" | - |
Affected
| ||||||
Bea Search vendor "Bea" | Weblogic Server Search vendor "Bea" for product "Weblogic Server" | 9.0 Search vendor "Bea" for product "Weblogic Server" and version "9.0" | express |
Affected
| ||||||
Bea Search vendor "Bea" | Weblogic Server Search vendor "Bea" for product "Weblogic Server" | 9.1 Search vendor "Bea" for product "Weblogic Server" and version "9.1" | - |
Affected
| ||||||
Bea Search vendor "Bea" | Weblogic Server Search vendor "Bea" for product "Weblogic Server" | 9.1 Search vendor "Bea" for product "Weblogic Server" and version "9.1" | express |
Affected
|