CVE-2007-0412Weblogic Server vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 25.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedJan 23
Latest updateMay 1

Description

BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDbea/weblogic_server6.1, 7.0, 8.1+2

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-2x5r-8r9r-74wv: BEA WebLogic Server 62022-05-01
CVEList
CVE-2007-0412: BEA WebLogic Server 62007-01-23
CVE-2007-0412 — BEA Weblogic Server vulnerability | cvebase