CVE-2007-2695 — Weblogic Server vulnerability

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

2.3%

top 15.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedMay 16

Latest updateMay 1

Description

The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDbea/weblogic_server5 versions+4

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-vjqc-7xg4-968v: The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6↗2022-05-01

▶

CVEList

CVE-2007-2695: The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6↗2007-05-16

▶