CVE-2009-1012

3 documents3 sources

Severity

10.0CRITICAL

EPSS

7.4%

top 8.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle BEA Product Suite

Timeline

PublishedApr 15

Latest updateMay 2

Description

Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP re…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/bea_product_suite7 versions+6

🔴Vulnerability Details

GHSA

GHSA-7g8r-925j-vgfh: Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7↗2022-05-02

▶

CVEList

CVE-2009-1012: Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7↗2009-04-15

▶