Vulnerability CVE-2009-1974 - CERT Civis.Net

Vulnerability Name:

CVE-2009-1974 (CCN-51758)

Assigned:

2009-07-09

Published:

2009-07-09

Updated:

2017-08-17

Summary:

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Servlet Container Package.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2009-1974

Source: OSVDB
Type: UNKNOWN
55906

Source: CCN
Type: SA35776
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35776

Source: CCN
Type: SECTRACK ID: 1022561
WebLogic Server Bugs Let Remote Users Gain Access and Modify Data and Deny Service

Source: CCN
Type: Oracle Critical Patch Update Advisory - July 2009
Oracle Critical Patch Update Advisory - July 2009

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

Source: CCN
Type: OSVDB ID: 55906
Oracle BEA WebLogic Server Servlet Container Package Unspecified Unauthenticated Remote Issue

Source: BID
Type: UNKNOWN
35674

Source: CCN
Type: BID-35674
Oracle WebLogic Server CVE-2009-1974 Remote Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022561

Source: VUPEN
Type: UNKNOWN
ADV-2009-1900

Source: XF
Type: UNKNOWN
oracle-bea-wls-container-unspecified(51758)

Source: XF
Type: UNKNOWN
oracle-bea-wls-container-unspecified(51758)

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*

OR cpe:/a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*

Denotes that component is vulnerable