CVE

Id
12953  
CVE No.
CVE-2005-1747  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.  
Phase
Assigned (20050525)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
93198 12953 CVE-2005-1747 BUGTRAQ:20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)  View
93199 12953 CVE-2005-1747 URL:http://marc.info/?l=bugtraq&m=111695921212456&w=2  View
93200 12953 CVE-2005-1747 MISC:http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt  View
93201 12953 CVE-2005-1747 BUGTRAQ:20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)  View
93202 12953 CVE-2005-1747 URL:http://marc.info/?l=bugtraq&m=111695844803328&w=2  View
93203 12953 CVE-2005-1747 MISC:http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt  View
93204 12953 CVE-2005-1747 BUGTRAQ:20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability  View
93205 12953 CVE-2005-1747 URL:http://marc.info/?l=bugtraq&m=111722298705561&w=2  View
93206 12953 CVE-2005-1747 MISC:http://www.appsecinc.com/resources/alerts/general/BEA-001.html  View
93207 12953 CVE-2005-1747 BUGTRAQ:20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability  View
93208 12953 CVE-2005-1747 URL:http://marc.info/?l=bugtraq&m=111722380313416&w=2  View
93209 12953 CVE-2005-1747 MISC:http://www.appsecinc.com/resources/alerts/general/BEA-002.html  View
93210 12953 CVE-2005-1747 BEA:BEA05-80.00  View
93211 12953 CVE-2005-1747 URL:http://dev2dev.bea.com/pub/advisory/130  View
93212 12953 CVE-2005-1747 BID:13717  View
93213 12953 CVE-2005-1747 URL:http://www.securityfocus.com/bid/13717  View
93214 12953 CVE-2005-1747 VUPEN:ADV-2005-0607  View
93215 12953 CVE-2005-1747 URL:http://www.vupen.com/english/advisories/2005/0607  View
93216 12953 CVE-2005-1747 SECTRACK:1014049  View
93217 12953 CVE-2005-1747 URL:http://securitytracker.com/id?1014049  View
93218 12953 CVE-2005-1747 SECUNIA:15486  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
62148 JVNDB-2005-000350 BEA WebLogic Server の入力値のチェックにおけるバッファオーバーフローの脆弱性 BEA WebLogic Server には、入力値の妥当性に対するチェックが不適切であるため、バッファオーバーフローが発生する脆弱性が存在します。 CVE-2005-1749 12953 5 http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000350.html  View