Vulnerabilities > CVE-2007-0417 - Products Multiple vulnerability in BEA

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

bea

critical

NVD

Published: 2007-01-23

Updated: 2011-03-08

Summary

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 7.0 BEA Weblogic Server 5.1 BEA Weblogic Server 6.1 BEA Weblogic Server 8.1 BEA Weblogic Server 9.0 BEA Weblogic Server 9.1	12

References

http://dev2dev.bea.com/pub/advisory/211
http://osvdb.org/38511
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213