Vulnerabilities > CVE-2007-2699 - File-Upload vulnerability in Weblogic Server 9.0/9.1
Attack vector
NETWORK Attack complexity
HIGH Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/153072/oats_weblogic_console.rb.txt |
| id | PACKETSTORM:153072 |
| last seen | 2019-05-29 |
| published | 2019-05-24 |
| reporter | mr_me |
| source | https://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html |
| title | Oracle Application Testing Suite WebLogic Server Administration Console War Deployment |
References
- http://dev2dev.bea.com/pub/advisory/231
- http://osvdb.org/36069
- http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html
- http://secunia.com/advisories/25284
- http://securitytracker.com/id?1018057
- http://www.vupen.com/english/advisories/2007/1815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34289