Vulnerability Description
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 9.0 |
References
- http://dev2dev.bea.com/pub/advisory/214PatchVendor Advisory
- http://osvdb.org/38514
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017525
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
- http://dev2dev.bea.com/pub/advisory/214PatchVendor Advisory
- http://osvdb.org/38514
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017525
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
FAQ
What is CVE-2007-0420?
CVE-2007-0420 is a vulnerability with a CVSS score of 5.0 (MEDIUM). BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
How severe is CVE-2007-0420?
CVE-2007-0420 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0420?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.