NVD

Id
54859  
Name
CVE-2007-2695  
Description
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-05-15  
Modified Date
2011-03-07  
Seq
2007-2695  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
278447 54859 CVE-2007-2695 BEA07-159.00  View
278448 54859 CVE-2007-2695 BEA08-159.01  View
278449 54859 CVE-2007-2695 1018057  View
278450 54859 CVE-2007-2695 ADV-2007-1815  View
278451 54859 CVE-2007-2695 ADV-2008-0612  View
278452 54859 CVE-2007-2695 weblogic-servlet-unauthorized-access(34282)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
51713 JVNDB-2007-000376 BEA WebLogic Server のプロキシサーブレットを介して管理者リソースにアクセスされる問題 BEA WebLogic Server のプロキシサーブレット HttpClusterServlet 及び HttpProxyServlet には、SecureProxy を設定している際に、プロキシ自身の ID の代わりに system ID で外部リクエストを処理してしまう問題があります。 CVE-2007-2695 26050 CVE-2007-2695 54859 5.1 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000376.html 2007-05-14 2007-05-31 View