Vulnerability Description
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Tuxedo | 6.3 |
| Bea | Weblogic Server | 4.2 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=106762000607681&w=2
- http://www.securityfocus.com/bid/8931ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13559
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.PatchVendor Advisory
- http://marc.info/?l=bugtraq&m=106762000607681&w=2
- http://www.securityfocus.com/bid/8931ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13559
FAQ
What is CVE-2003-0621?
CVE-2003-0621 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
How severe is CVE-2003-0621?
CVE-2003-0621 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0621?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Tuxedo, Bea Weblogic Server.