Vulnerability Name:

CVE-2007-2694 (CCN-34365)

Assigned:2007-05-15
Published:2007-05-15
Updated:2011-03-08
Summary:Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2694

Source: MITRE
Type: CNA
CVE-2008-0902

Source: BEA
Type: Patch, Vendor Advisory
BEA07-80.03

Source: OSVDB
Type: UNKNOWN
36075

Source: CCN
Type: SA25284
BEA Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
25284

Source: CCN
Type: SA29041
BEA WebLogic Products Multiple Vulnerabilities

Source: CCN
Type: OSVDB ID: 36075
BEA WebLogic Unspecified XSS

Source: CCN
Type: OSVDB ID: 41899
BEA WebLogic Multiple Unspecified XSS

Source: CCN
Type: BID-23979
Multiple BEA WebLogic Applications Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-1815

Source: XF
Type: UNKNOWN
weblogic-unspecified-xss(34365)

Source: CCN
Type: BEA07-80.03
Patches available to prevent multiple cross-site scripting (XSS) vulnerabilities

Vulnerable Configuration:Configuration 1:
  • cpe:/a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:9.0:ga:express:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*
  • OR cpe:/a:bea:weblogic_server:9.1:ga:express:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    bea weblogic server 6.1
    bea weblogic server 6.1
    bea weblogic server 6.1 sp1
    bea weblogic server 6.1 sp1
    bea weblogic server 6.1 sp2
    bea weblogic server 6.1 sp2
    bea weblogic server 6.1 sp3
    bea weblogic server 6.1 sp3
    bea weblogic server 6.1 sp4
    bea weblogic server 6.1 sp4
    bea weblogic server 6.1 sp5
    bea weblogic server 6.1 sp5
    bea weblogic server 6.1 sp6
    bea weblogic server 6.1 sp6
    bea weblogic server 6.1 sp7
    bea weblogic server 6.1 sp7
    bea weblogic server 7.0
    bea weblogic server 7.0
    bea weblogic server 7.0 sp1
    bea weblogic server 7.0 sp1
    bea weblogic server 7.0 sp2
    bea weblogic server 7.0 sp2
    bea weblogic server 7.0 sp3
    bea weblogic server 7.0 sp3
    bea weblogic server 7.0 sp4
    bea weblogic server 7.0 sp4
    bea weblogic server 7.0 sp5
    bea weblogic server 7.0 sp5
    bea weblogic server 7.0 sp6
    bea weblogic server 7.0 sp6
    bea weblogic server 7.0 sp7
    bea weblogic server 7.0 sp7
    bea weblogic server 8.1
    bea weblogic server 8.1
    bea weblogic server 8.1 sp1
    bea weblogic server 8.1 sp1
    bea weblogic server 8.1 sp2
    bea weblogic server 8.1 sp2
    bea weblogic server 8.1 sp3
    bea weblogic server 8.1 sp3
    bea weblogic server 8.1 sp4
    bea weblogic server 8.1 sp4
    bea weblogic server 8.1 sp5
    bea weblogic server 8.1 sp5
    bea weblogic server 9.0 ga
    bea weblogic server 9.0 ga
    bea weblogic server 9.1 ga
    bea weblogic server 9.1 ga