CVE-2007-0416Weblogic Server vulnerability

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedJan 23
Latest updateMay 1

Description

The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDbea/weblogic_server9.0, 9.1+1

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

3
GHSA
GHSA-r94f-3fx8-fr52: The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 92022-05-01
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files2018-08-23
CVEList
CVE-2007-0416: The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 92007-01-23

💬Community

1
Bugzilla
CVE-2010-0416 HelixPlayer / RealPlayer: URL unescape buffer overflow2010-02-04
CVE-2007-0416 — BEA Weblogic Server vulnerability | cvebase