Vulnerability Details CVE-2007-0416
The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://dev2dev.bea.com/pub/advisory/210
- http://osvdb.org/38510
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017525
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
- http://dev2dev.bea.com/pub/advisory/210
- http://osvdb.org/38510
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017525
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
Products affected by CVE-2007-0416
-
cpe:2.3:a:bea:weblogic_server:9.0
-
cpe:2.3:a:bea:weblogic_server:9.1