Vulnerability Name:

CVE-2002-1030 (CCN-9486)

Assigned:2002-07-04
Published:2002-07-04
Updated:2008-09-05
Summary:Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: BugTraq Mailing List, Mon Jul 08 2002 - 02:25:00 CDT
KPMG-2002029: Bea Weblogic Performance Pack Denial of Service

Source: VULNWATCH
Type: UNKNOWN
20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service

Source: MITRE
Type: CNA
CVE-2002-1030

Source: CONFIRM
Type: UNKNOWN
http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm

Source: BUGTRAQ
Type: UNKNOWN
20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service

Source: XF
Type: Patch, Vendor Advisory
weblogic-race-condition-dos(9486)

Source: CCN
Type: OSVDB ID: 5025
BEA WebLogic Server and Expres Performance Pack Race Condition DoS

Source: BID
Type: Patch, Vendor Advisory
5159

Source: CCN
Type: BID-5159
BEA Systems WebLogic Server and Express Race Condition Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
weblogic-race-condition-dos(9486)

Source: CCN
Type: BEA Systems, Inc. Security Advisory (BEA02-19.00)
Patch available to prevent DOS attack

Vulnerable Configuration:Configuration 1:
  • cpe:/a:bea:weblogic_server:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:*:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp10:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp10:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp11:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp12:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp12:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp3:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp4:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp5:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp6:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp6:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp7:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp7:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp8:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp8:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp9:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:5.1:sp9:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.0:*:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:*:express:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:weblogic_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:5.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    bea weblogic server 5.1
    bea weblogic server 5.1
    bea weblogic server 5.1 sp1
    bea weblogic server 5.1 sp1
    bea weblogic server 5.1 sp10
    bea weblogic server 5.1 sp10
    bea weblogic server 5.1 sp11
    bea weblogic server 5.1 sp12
    bea weblogic server 5.1 sp12
    bea weblogic server 5.1 sp2
    bea weblogic server 5.1 sp2
    bea weblogic server 5.1 sp3
    bea weblogic server 5.1 sp3
    bea weblogic server 5.1 sp4
    bea weblogic server 5.1 sp4
    bea weblogic server 5.1 sp5
    bea weblogic server 5.1 sp5
    bea weblogic server 5.1 sp6
    bea weblogic server 5.1 sp6
    bea weblogic server 5.1 sp7
    bea weblogic server 5.1 sp7
    bea weblogic server 5.1 sp8
    bea weblogic server 5.1 sp8
    bea weblogic server 5.1 sp9
    bea weblogic server 5.1 sp9
    bea weblogic server 6.0
    bea weblogic server 6.0
    bea weblogic server 6.0 sp1
    bea weblogic server 6.0 sp1
    bea weblogic server 6.0 sp2
    bea weblogic server 6.0 sp2
    bea weblogic server 6.1
    bea weblogic server 6.1
    bea weblogic server 6.1 sp1
    bea weblogic server 6.1 sp1
    bea weblogic server 6.1 sp2
    bea weblogic server 6.1 sp2
    bea weblogic server 6.1 sp3
    bea weblogic server 6.1 sp3
    bea weblogic server 7.0
    oracle weblogic server 6.0
    oracle weblogic server 6.1
    oracle weblogic server 5.1