Vulnerability Details CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
- http://marc.info/?l=bugtraq&m=106762000607681&w=2
- http://www.securityfocus.com/bid/8931
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13560
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
- http://marc.info/?l=bugtraq&m=106762000607681&w=2
- http://www.securityfocus.com/bid/8931
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13560
Products affected by CVE-2003-0622
-
cpe:2.3:a:bea:tuxedo:6.3
-
cpe:2.3:a:bea:tuxedo:6.4
-
cpe:2.3:a:bea:tuxedo:6.5
-
cpe:2.3:a:bea:tuxedo:7.1
-
cpe:2.3:a:bea:tuxedo:8.0
-
cpe:2.3:a:bea:tuxedo:8.1
-
cpe:2.3:a:bea:weblogic_server:4.2
-
cpe:2.3:a:bea:weblogic_server:5.0.1
-
cpe:2.3:a:bea:weblogic_server:5.1