mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
117 lines
3.5 KiB
JSON
117 lines
3.5 KiB
JSON
{
|
|
"id": "CVE-2007-2699",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2007-05-16T01:19:00.000",
|
|
"lastModified": "2019-05-28T17:29:00.320",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La Consola de Administraci\u00f3n en BEA WebLogic Express y WebLogic Server 9.0 y 9.1 no hace cumplir correctamente ciertas Pol\u00edticas de Seguridad del Dominio, lo cual permite a usuarios administradores remotos en el rol de Desplegador (Deployer) enviar ficheros de su elecci\u00f3n."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "HIGH",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 7.1
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": true,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:express:*:*:*:*:*",
|
|
"matchCriteriaId": "0EDB38AA-CAC4-4C89-8484-7C2A75F8038F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*",
|
|
"matchCriteriaId": "17280B97-D499-434E-BD89-FD348E9E2E0C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://dev2dev.bea.com/pub/advisory/231",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://securitytracker.com/id?1018057",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2007/1815",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34289",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |