CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-2699

The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.2%

CVSS Severity

CVSS v2 Score 7.1

References

http://dev2dev.bea.com/pub/advisory/231
http://osvdb.org/36069
http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html
http://secunia.com/advisories/25284
http://securitytracker.com/id?1018057
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34289
http://dev2dev.bea.com/pub/advisory/231
http://osvdb.org/36069
http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html
http://secunia.com/advisories/25284
http://securitytracker.com/id?1018057
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34289

Products affected by CVE-2007-2699

Bea » Weblogic Server » Version: 9.0

cpe:2.3:a:bea:weblogic_server:9.0
Bea » Weblogic Server » Version: 9.1

cpe:2.3:a:bea:weblogic_server:9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-2699

Products

Pricing

Contact Us