fkie_nvd - fkie_cve-2003-0151

fkie_cve-2003-0151

Vulnerability from fkie_nvd

Published

2003-03-24 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

References

▶	URL	Tags
	cve@mitre.org	http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
	cve@mitre.org	http://marc.info/?l=bugtraq&m=104792477914620&w=2
	cve@mitre.org	http://marc.info/?l=bugtraq&m=104792544515384&w=2
	cve@mitre.org	http://www.s21sec.com/en/avisos/s21sec-011-en.txt
	cve@mitre.org	http://www.securityfocus.com/bid/7122
	cve@mitre.org	http://www.securityfocus.com/bid/7124
	af854a3a-2127-422b-91ae-364da2661108	http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104792477914620&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104792544515384&w=2
	af854a3a-2127-422b-91ae-364da2661108	http://www.s21sec.com/en/avisos/s21sec-011-en.txt
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/7122
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/7124

Impacted products

Vendor	Product	Version
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9AB3C0-8783-4160-AE2D-D1E5AAAA0A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:*:express:*:*:*:*:*",
              "matchCriteriaId": "80D90123-74BA-4A70-9A10-6980BAD270B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BDE9282D-C32F-4D2F-81BE-75E447925A23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "14A085BB-27C9-488F-91F8-19625BF23B94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3E6644EF-C875-4005-A628-0AED7B7BB94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "8556E775-D130-4658-AFE2-28188224ED54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDCF6AE-43DC-4AE5-9260-CA657F40BE77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "05AFBE78-C611-4EA2-8B00-5F8B61696CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5DFE26B3-31F2-4FC0-854D-56EA4D08C28A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "C3B7752C-B297-480A-B3FC-948EA081670C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "63017BF8-D681-45EC-9C31-09D029F1126D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "71892EC0-E6B1-4214-AC53-06489F711829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "8E0B1791-974A-4967-8CF9-33BE8183200B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "696F52AE-FEB9-4090-872E-FDFD969F5604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "7B12A8B1-F78E-46B3-8872-4C6484345477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "DCED03B6-7565-4F53-8D85-F3391BF66988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
              "matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "BBDB9094-78E8-4CBF-9F5F-321D5174F1EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "6FB8930F-C6D8-40B9-8D08-751F5B47229B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "25C711BB-E7E0-41D8-985E-5DD386C54637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "32E8797D-1B62-4480-A79D-0345E65699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "071FAD20-D502-4634-852A-4CD06FE8E114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2FC1486C-6AC4-44F7-9015-40FD4A341C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "AB5909DB-B2E2-4358-9D45-C225C6B02360",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "BEA Weblogic Server y Express 6.0 a 7.0 no restringe adecuadamente el acceso a ciertos servlets internos que llevan a cabo funciones administrativas, lo que permite a atacantes remotos leer ficheros arbitrarios o ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2003-0151",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-24T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104792477914620\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104792544515384\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.s21sec.com/en/avisos/s21sec-011-en.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/7122"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/7124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104792477914620\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104792544515384\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.s21sec.com/en/avisos/s21sec-011-en.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/7122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/7124"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2003-0151 (GCVE-0-2003-0151)

Vulnerability from cvelistv5

Published

2003-03-21 05:00