CVE-2003-0622Tuxedo vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 26.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
BEA TuxedoBEA Weblogic Server
Timeline
PublishedDec 1
Latest updateApr 29

Description

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDbea/tuxedo6 versions+5
NVDbea/weblogic_server4.2, 5.0.1, 5.1+2

Patches

Patch: dev2dev.bea.comPatch: www.securityfocus.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-4xg9-f56j-rgp2: The Administration Console for BEA Tuxedo 82022-04-29
CVEList
CVE-2003-0622: The Administration Console for BEA Tuxedo 82003-11-05
CVE-2003-0622 — BEA Tuxedo vulnerability | cvebase