Vulnerability CVE-2005-1747 - CERT Civis.Net

Vulnerability Name:

CVE-2005-1747 (CCN-20802)

Assigned:

2005-05-24

Published:

2005-05-24

Updated:

2018-10-30

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-1747

Source: BEA
Type: Vendor Advisory
BEA05-80.00

Source: CCN
Type: BEA Systems Inc. Web site
BEA Product Documentation

Source: BUGTRAQ
Type: UNKNOWN
20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)

Source: BUGTRAQ
Type: UNKNOWN
20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)

Source: BUGTRAQ
Type: UNKNOWN
20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability

Source: CCN
Type: SA15486
BEA WebLogic Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
15486

Source: CCN
Type: SECTRACK ID: 1014049
BEA WebLogic Server and WebLogic Portal Have Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1014049

Source: MISC
Type: UNKNOWN
http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt

Source: MISC
Type: UNKNOWN
http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt

Source: MISC
Type: UNKNOWN
http://www.appsecinc.com/resources/alerts/general/BEA-001.html

Source: CCN
Type: SHATTER Team Security Alert
BEA WebLogic Administration Console login page cross-site scripting vulnerability

Source: MISC
Type: UNKNOWN
http://www.appsecinc.com/resources/alerts/general/BEA-002.html

Source: CCN
Type: OSVDB ID: 16838
BEA WebLogic Server Console Login Page XSS

Source: CCN
Type: OSVDB ID: 16844
BEA WebLogic Server Console Returned Document XSS

Source: BID
Type: UNKNOWN
13717

Source: CCN
Type: BID-13717
BEA WebLogic Server and WebLogic Express Multiple Remote Vulnerabilities

Source: CCN
Type: BID-13793
BEA WebLogic Administration Console LoginForm.jsp Cross-Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-0607

Source: XF
Type: UNKNOWN
weblogic-login-xss(20802)

Source: CCN
Type: BEA Security Advisory (BEA05-80.00)
Patches available to prevent multiple cross-site scripting (XSS) vulnerabilities.

Source: CCN
Type: BEA Systems Security Advisory: (BEA05-80.01)
Patches available to prevent multiple cross-site scripting (XSS) vulnerabilities

Vulnerable Configuration:

Configuration 1:

cpe:/a:bea:weblogic_server:6.0:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:*:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp1:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.0:sp2:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp3:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0.0.1:sp4:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*

OR cpe:/a:oracle:weblogic_portal:8.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:weblogic_portal:8.0:*:*:*:*:*:*:*

Denotes that component is vulnerable