CVE-2007-2705

Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/239	Patch Vendor Advisory
http://www.securitytracker.com/id?1018059
http://www.vupen.com/english/advisories/2007/1815
http://osvdb.org/36063
https://exchange.xforce.ibmcloud.com/vulnerabilities/34281

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_workshop:8.1:sp3::::::
	cpe:2.3:a:bea:weblogic_workshop:8.1:sp4::::::
	cpe:2.3:a:bea:weblogic_workshop:8.1:sp5::::::
	cpe:2.3:a:bea:weblogic_workshop:8.1:sp6::::::
	cpe:2.3:a:bea:weblogic_integration:9.2:::::::*
	cpe:2.3:a:bea:weblogic_workshop:8.1:sp2::::::

Information

Published : 2007-05-15 18:19

Updated : 2017-07-28 18:31

NVD link : CVE-2007-2705

Mitre link : CVE-2007-2705

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

bea

weblogic_integration
weblogic_workshop

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://dev2dev.bea.com/pub/advisory/239", "name": "BEA07-170.00", "tags": ["Patch", "Vendor Advisory"], "refsource": "BEA"}, {"url": "http://www.securitytracker.com/id?1018059", "name": "1018059", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2007/1815", "name": "ADV-2007-1815", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/36063", "name": "36063", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34281", "name": "weblogic-testview-directory-traversal(34281)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-2705", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-05-16T01:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_integration:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:31Z"}