CVE-2007-2694

Опубликовано: 16 мая 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Ссылки

http://dev2dev.bea.com/pub/advisory/232
Patch
Vendor Advisory
http://osvdb.org/36075
http://secunia.com/advisories/25284
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1815
http://dev2dev.bea.com/pub/advisory/232
Patch
Vendor Advisory
http://osvdb.org/36075
http://secunia.com/advisories/25284
Vendor Advisory
http://www.vupen.com/english/advisories/2007/1815

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:9.0:ga:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:9.1:ga:express:*:*:*:*:*

EPSS

Процентиль: 66%

0.00507

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-63cx-4687-wjvx

github

почти 4 года назад