Vulnerabilities > CVE-2007-0412 - Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/8.1

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bea

NVD

Published: 2007-01-23

Updated: 2024-11-21

Summary

BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 6.1 BEA Weblogic Server 7.0 BEA Weblogic Server 8.1	22

References

http://dev2dev.bea.com/pub/advisory/206
http://dev2dev.bea.com/pub/advisory/206
http://osvdb.org/38505
http://osvdb.org/38505
http://secunia.com/advisories/23750
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213
http://www.vupen.com/english/advisories/2007/0213