Vulnerabilities > CVE-2003-1095 - Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN bea
nessus
Summary
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Nessus
| NASL family | CGI abuses |
| NASL id | WEBLOGIC_ADM_SERVLET.NASL |
| description | The remote web server is WebLogic. An internal management servlet that does not properly check user credentials can be accessed from outside, allowing an attacker to change user passwords, and even upload or download any file on the remote server. In addition to this, there is a flaw in WebLogic 7.0 that could allow users to delete empty subcontexts. *** Note that Nessus only checked the version in the server banner, *** so this might be a false positive. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11486 |
| published | 2003-03-27 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11486 |
| title | WebLogic Servlets Multiple Vulnerabilities |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp
- http://www.kb.cert.org/vuls/id/691153
- http://www.kb.cert.org/vuls/id/691153
- http://www.securityfocus.com/bid/7130
- http://www.securityfocus.com/bid/7130
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11555
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11555