Vulnerability Name:

CVE-2006-1352 (CCN-25348)

Assigned:2006-03-20
Published:2006-03-20
Updated:2017-07-20
Summary:BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2006-1352

Source: BEA
Type: Patch, Vendor Advisory
BEA06-123.00

Source: CCN
Type: SA19310
BEA WebLogic Server/Express Two Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
19310

Source: CCN
Type: SECTRACK ID: 1015790
WebLogic XML Document Parsing Memory Error Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1015790

Source: CCN
Type: OSVDB ID: 24027
BEA WebLogic Non-canonicalized XML Processing DoS

Source: BID
Type: UNKNOWN
17167

Source: CCN
Type: BID-17167
BEA WebLogic Server Remote Denial Of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-1021

Source: XF
Type: UNKNOWN
weblogic-xml-parser-dos(25348)

Source: XF
Type: UNKNOWN
weblogic-xml-parser-dos(25348)

Source: CCN
Type: BEA Systems Inc. Security Advisory: (BEA06-123.00)
Certain XML documents can cause "server out of memory" errors.

Vulnerable Configuration:Configuration 1:
  • cpe:/a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp7:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp6:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    bea weblogic server 6.1
    bea weblogic server 6.1
    bea weblogic server 6.1 sp1
    bea weblogic server 6.1 sp1
    bea weblogic server 6.1 sp2
    bea weblogic server 6.1 sp2
    bea weblogic server 6.1 sp3
    bea weblogic server 6.1 sp4
    bea weblogic server 6.1 sp4
    bea weblogic server 6.1 sp5
    bea weblogic server 6.1 sp5
    bea weblogic server 6.1 sp6
    bea weblogic server 6.1 sp6
    bea weblogic server 6.1 sp7
    bea weblogic server 6.1 sp7
    bea weblogic server 7.0 sp1
    bea weblogic server 7.0 sp1
    bea weblogic server 7.0 sp2
    bea weblogic server 7.0 sp3
    bea weblogic server 7.0 sp3
    bea weblogic server 7.0 sp4
    bea weblogic server 7.0 sp4
    bea weblogic server 7.0 sp5
    bea weblogic server 7.0 sp5
    bea weblogic server 7.0 sp6
    bea weblogic server 7.0 sp6
    bea weblogic server 8.1
    bea weblogic server 8.1
    bea weblogic server 8.1 sp1
    bea weblogic server 8.1 sp1
    bea weblogic server 8.1 sp2
    bea weblogic server 8.1 sp2
    bea weblogic server 8.1 sp3
    bea weblogic server 8.1 sp3
    bea weblogic server 8.1 sp4
    bea weblogic server 8.1 sp4