Vulnerabilities > CVE-2005-1380 - Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

bea

nessus

NVD

Published: 2005-05-03

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 8.1	15

Nessus

NASL family	Web Servers
NASL id	BEA_81SP4_MULT_VULNS.NASL
description	According to its banner, the remote host is running a version of BEA WebLogic Server or WebLogic Express that is prone to multiple vulnerabilities. These flaws could lead to buffer overflows, denial of service, unauthorized access, cross-site scripting attacks, and information disclosure.
last seen	2020-06-01
modified	2020-06-02
plugin id	18365
published	2005-05-24
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18365
title	BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18365); script_version("1.26"); script_cve_id("CVE-2005-1380", "CVE-2005-1742", "CVE-2005-1743", "CVE-2005-1744", "CVE-2005-1745", "CVE-2005-1746", "CVE-2005-1747", "CVE-2005-1748", "CVE-2005-1749"); script_bugtraq_id(12548, 13400, 13717, 13793, 13794, 14632, 14657); script_name(english:"BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)"); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by multiple flaws." ); script_set_attribute(attribute:"description", value: "According to its banner, the remote host is running a version of BEA WebLogic Server or WebLogic Express that is prone to multiple vulnerabilities. These flaws could lead to buffer overflows, denial of service, unauthorized access, cross-site scripting attacks, and information disclosure." ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133850/dev2dev.bea.com/pub/advisory/125" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20061017121059/http://dev2dev.bea.com/pub/advisory/126" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133831/http://dev2dev.bea.com:80/pub/advisory/127" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133900/http://dev2dev.bea.com:80/pub/advisory/128" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133820/http://dev2dev.bea.com:80/pub/advisory/129" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070404224518/dev2dev.bea.com/pub/advisory/130" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070427111447/http://dev2dev.bea.com:80/pub/advisory/132" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133652/http://dev2dev.bea.com:80/pub/advisory/135" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070207142547/http://dev2dev.bea.com:80/pub/advisory/137" ); script_set_attribute(attribute:"solution", value: "Upgrade to the appropriate Service Pack as discussed in the vendor advisories referenced above." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/24"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/25"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); summary["english"] = "Checks for multiple vulnerabilities in BEA WebLogic <= 8.1 SP4"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("http_version.nasl"); script_require_ports("Services/www", 80); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); # Check the version number in the banner. banner = get_http_banner(port:port); if (!banner \|\| "WebLogic " >!< banner) exit(0); pat = "^Server:.WebLogic .([0-9]+\.[0-9.]+) "; matches = egrep(pattern:pat, string:banner); if (matches) { foreach match (split(matches, keep:FALSE)) { ver = eregmatch(pattern:pat, string:match); if (!isnull(ver)) { # Extract the version and service pack numbers. nums = split(ver[1], sep:".", keep:FALSE); ver_maj = int(nums[0]); ver_min = int(nums[1]); sp = ereg_replace( string:match, pattern:".* (Service Pack \|SP)([0-9]+) .+", replace:"\2" ); if (!sp) sp = 0; else sp = int(sp); # Check them against vulnerable versions listed in BEA's advisories. if ( # version 6.x ( ver_maj == 6 && ( ver_min < 1 \|\| (ver_min == 1 && sp <= 7) ) ) \|\| # version 7.x (ver_maj == 7 && (ver_min == 0 && sp <= 6)) \|\| # version 8.x ( ver_maj == 8 && ( ver_min < 1 \|\| (ver_min == 1 && sp <= 4) ) ) ) { security_hole(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); } exit(0); } } }

Summary

Vulnerable Configurations

Nessus

References