Vulnerability Description
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.1 |
References
- http://dev2dev.bea.com/pub/advisory/227
- http://dev2dev.bea.com/pub/advisory/274
- http://osvdb.org/36074
- http://secunia.com/advisories/25284PatchVendor Advisory
- http://secunia.com/advisories/29041
- http://securitytracker.com/id?1018057Patch
- http://www.vupen.com/english/advisories/2007/1815
- http://www.vupen.com/english/advisories/2008/0612/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34282
- http://dev2dev.bea.com/pub/advisory/227
- http://dev2dev.bea.com/pub/advisory/274
- http://osvdb.org/36074
- http://secunia.com/advisories/25284PatchVendor Advisory
- http://secunia.com/advisories/29041
- http://securitytracker.com/id?1018057Patch
FAQ
What is CVE-2007-2695?
CVE-2007-2695 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "exter...
How severe is CVE-2007-2695?
CVE-2007-2695 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2695?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.