CVE-2007-6384

Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/255	Vendor Advisory
http://www.securitytracker.com/id?1019091	Patch
http://secunia.com/advisories/28078	Patch Vendor Advisory
http://osvdb.org/41880
http://www.vupen.com/english/advisories/2007/4204
https://exchange.xforce.ibmcloud.com/vulnerabilities/39005

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_mobility_server:3.5:::::::*
	cpe:2.3:a:bea:weblogic_mobility_server:3.6:::::::*
	cpe:2.3:a:bea:weblogic_mobility_server:3.6:sp1::::::
	cpe:2.3:a:bea:weblogic_mobility_server:3.3:::::::*

Information

Published : 2007-12-14 18:46

Updated : 2017-08-07 18:29

NVD link : CVE-2007-6384

Mitre link : CVE-2007-6384

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

bea

weblogic_mobility_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://dev2dev.bea.com/pub/advisory/255", "name": "BEA07-182.00", "tags": ["Vendor Advisory"], "refsource": "BEA"}, {"url": "http://www.securitytracker.com/id?1019091", "name": "1019091", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/28078", "name": "28078", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/41880", "name": "41880", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/4204", "name": "ADV-2007-4204", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39005", "name": "weblogic-imageconverter-info-disclosure(39005)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-6384", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-12-15T02:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:weblogic_mobility_server:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_mobility_server:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_mobility_server:3.6:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_mobility_server:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:29Z"}

7.5 /10