Vulnerability Description
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.0 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
- http://marc.info/?l=bugtraq&m=104792477914620&w=2
- http://marc.info/?l=bugtraq&m=104792544515384&w=2
- http://www.s21sec.com/en/avisos/s21sec-011-en.txt
- http://www.securityfocus.com/bid/7122
- http://www.securityfocus.com/bid/7124
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
- http://marc.info/?l=bugtraq&m=104792477914620&w=2
- http://marc.info/?l=bugtraq&m=104792544515384&w=2
- http://www.s21sec.com/en/avisos/s21sec-011-en.txt
- http://www.securityfocus.com/bid/7122
- http://www.securityfocus.com/bid/7124
FAQ
What is CVE-2003-0151?
CVE-2003-0151 is a vulnerability with a CVSS score of 7.5 (HIGH). BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary fi...
How severe is CVE-2003-0151?
CVE-2003-0151 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0151?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.