CVE-2010-2375
Oracle WebLogic Server 10.3.3 - Encoded URL
Public Exploits: 2
Exploited in Wild: -
Descriptions
Package/Privilege: Plugins for Apache, Sun and IIS web servers. Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
Virtual Security Research, LLC. Security Advisory - Over the last several years, VSR analysts had observed unusual behavior in multiple WebLogic deployments when certain special characters were URL encoded and appended to URLs. In late April, 2010 VSR began researching this more in depth and found that the issue could allow for HTTP header injection and HTTP request smuggling attacks.
Timeline
- 2010-06-21 CVE Reserved
- 2010-07-13 CVE Published
- 2010-07-13 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (3)
URL | Tag | Source |
---|---|---|
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/91791 | 2010-07-14 | |
https://www.exploit-db.com/exploits/34312 | 2010-07-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Bea | Weblogic Server | 7.0 | sp7 | Affected |
Bea | Weblogic Server | 8.1 | sp6 | Affected |
Bea | Weblogic Server | 9.0 | - | Affected |
Bea | Weblogic Server | 9.1 | - | Affected |
Bea | Weblogic Server | 9.2 | mp3 | Affected |
Bea Systems | Weblogic Server | 10.0 | mp2 | Affected |
Oracle | Weblogic Server | 10.3.2.0.0 | - | Affected |
Oracle | Weblogic Server | 10.3.3.0.0 | - | Affected |