Vulnerability Description
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Integration | 9.2 |
| Bea | Weblogic Workshop | 8.1 |
References
- http://dev2dev.bea.com/pub/advisory/239PatchVendor Advisory
- http://osvdb.org/36063
- http://www.securitytracker.com/id?1018059
- http://www.vupen.com/english/advisories/2007/1815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34281
- http://dev2dev.bea.com/pub/advisory/239PatchVendor Advisory
- http://osvdb.org/36063
- http://www.securitytracker.com/id?1018059
- http://www.vupen.com/english/advisories/2007/1815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34281
FAQ
What is CVE-2007-2705?
CVE-2007-2705 is a vulnerability with a CVSS score of 7.8 (HIGH). Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote at...
How severe is CVE-2007-2705?
CVE-2007-2705 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2705?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Integration, Bea Weblogic Workshop.