Vulnerability Description
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.0 |
References
- http://dev2dev.bea.com/pub/advisory/162Vendor Advisory
- http://secunia.com/advisories/10218PatchVendor Advisory
- http://secunia.com/advisories/18396Vendor Advisory
- http://www.osvdb.org/3064
- http://www.securityfocus.com/bid/16215
- http://www.securityfocus.com/bid/9034Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13752
- http://dev2dev.bea.com/pub/advisory/162Vendor Advisory
- http://secunia.com/advisories/10218PatchVendor Advisory
- http://secunia.com/advisories/18396Vendor Advisory
- http://www.osvdb.org/3064
- http://www.securityfocus.com/bid/16215
- http://www.securityfocus.com/bid/9034Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13752
FAQ
What is CVE-2003-1290?
CVE-2003-1290 is a vulnerability with a CVSS score of 5.0 (MEDIUM). BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java...
How severe is CVE-2003-1290?
CVE-2003-1290 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1290?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.