Vulnerabilities > CVE-2003-0151 - Unspecified vulnerability in BEA Weblogic Server

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
bea
nessus

Summary

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

Vulnerable Configurations

Part Description Count
Application
Bea
28

Nessus

NASL familyCGI abuses
NASL idWEBLOGIC_ADM_SERVLET.NASL
descriptionThe remote web server is WebLogic. An internal management servlet that does not properly check user credentials can be accessed from outside, allowing an attacker to change user passwords, and even upload or download any file on the remote server. In addition to this, there is a flaw in WebLogic 7.0 that could allow users to delete empty subcontexts. *** Note that Nessus only checked the version in the server banner, *** so this might be a false positive.
last seen2020-06-01
modified2020-06-02
plugin id11486
published2003-03-27
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11486
titleWebLogic Servlets Multiple Vulnerabilities