Vulnerability CVE-2008-2581 - CERT Civis.Net

Vulnerability Name:

CVE-2008-2581 (CCN-43824)

Assigned:

2008-07-15

Published:

2008-07-15

Updated:

2017-08-08

Summary:

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-2581

Source: HP
Type: UNKNOWN
SSRT061201

Source: CCN
Type: SA31087
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31087

Source: CCN
Type: SA31113
HP Oracle for OpenView Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31113

Source: CCN
Type: SECTRACK ID: 1020498
Oracle WebLogic Server Bugs Let Remote Users Access and Modify Data and Cause Denial of Service Conditions

Source: CCN
Type: Oracle Critical Patch Update - July 2008
Oracle Critical Patch Update Advisory - July 2008

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

Source: CCN
Type: BID-30177
Oracle July 2008 Critical Patch Update Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020498

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2109

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2115

Source: XF
Type: UNKNOWN
oracle-weblogic-uddiexplorer-unauth-access(43824)

Source: XF
Type: UNKNOWN
oracle-weblogic-uddiexplorer-unauth-access(43824)

Source: CCN
Type: BEA Support Web site
Elevation of privilege vulnerabilities in the UDDI Explorer

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server_component:7.0:sp7:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server_component:8.1:sp6:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server_component:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server_component:9.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server_component:9.2:mp3:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server_component:10.0:mp1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:weblogic_server:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:9.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:weblogic_server:9.2.0.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable