Vulnerabilities > CVE-2003-0151 - Unspecified vulnerability in BEA Weblogic Server

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bea

nessus

NVD

Published: 2003-03-24

Updated: 2024-11-20

Summary

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 7.0 BEA Weblogic Server 6.1 BEA Weblogic Server 6.0 BEA Weblogic Server 7.0.0.1	28

Nessus

NASL family	CGI abuses
NASL id	WEBLOGIC_ADM_SERVLET.NASL
description	The remote web server is WebLogic. An internal management servlet that does not properly check user credentials can be accessed from outside, allowing an attacker to change user passwords, and even upload or download any file on the remote server. In addition to this, there is a flaw in WebLogic 7.0 that could allow users to delete empty subcontexts. * Note that Nessus only checked the version in the server banner, * so this might be a false positive.
last seen	2020-06-01
modified	2020-06-02
plugin id	11486
published	2003-03-27
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11486
title	WebLogic Servlets Multiple Vulnerabilities

Summary

Vulnerable Configurations

Nessus

References