Vulnerability Description
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.1 |
References
- http://dev2dev.bea.com/pub/advisory/206PatchVendor Advisory
- http://osvdb.org/38505Broken Link
- http://secunia.com/advisories/23750Third Party Advisory
- http://securitytracker.com/id?1017525Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/22082Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/0213Third Party Advisory
- http://dev2dev.bea.com/pub/advisory/206PatchVendor Advisory
- http://osvdb.org/38505Broken Link
- http://secunia.com/advisories/23750Third Party Advisory
- http://securitytracker.com/id?1017525Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/22082Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/0213Third Party Advisory
FAQ
What is CVE-2007-0412?
CVE-2007-0412 is a vulnerability with a CVSS score of 5.0 (MEDIUM). BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files tha...
How severe is CVE-2007-0412?
CVE-2007-0412 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0412?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.