CVE-2007-6384

Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/255	Vendor Advisory
http://osvdb.org/41880
http://secunia.com/advisories/28078	Patch Vendor Advisory
http://www.securitytracker.com/id?1019091	Patch
http://www.vupen.com/english/advisories/2007/4204
https://exchange.xforce.ibmcloud.com/vulnerabilities/39005

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_mobility_server:3.3:::::::*
	cpe:2.3:a:bea:weblogic_mobility_server:3.5:::::::*
	cpe:2.3:a:bea:weblogic_mobility_server:3.6:::::::*
	cpe:2.3:a:bea:weblogic_mobility_server:3.6:sp1::::::

History

No history.

Information

Published : 2007-12-15 02:46

Updated : 2024-02-04 17:13

NVD link : CVE-2007-6384

Mitre link : CVE-2007-6384

CVE.ORG link : CVE-2007-6384

JSON object : View

Products Affected

bea

weblogic_mobility_server

CWE

CWE-287

Improper Authentication

{"id": "CVE-2007-6384", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-12-15T02:46:00.000", "references": [{"url": "http://dev2dev.bea.com/pub/advisory/255", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/41880", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28078", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019091", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/4204", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39005", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en la funcionalidad Image Converter de BEA WebLogic Mobility Server 3.3, 3.5, y 3.6 hasta la 3.6 SP1. Permite que atacantes remotos obtengan el fichero de solicitud y acceso a recursos, a trav\u00e9s de vectores sin especificar."}], "lastModified": "2017-08-08T01:29:07.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_mobility_server:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A888C92-98AB-4364-8096-38E0601206B3"}, {"criteria": "cpe:2.3:a:bea:weblogic_mobility_server:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F67944AC-7E54-49EC-896F-BCDB0A6F5089"}, {"criteria": "cpe:2.3:a:bea:weblogic_mobility_server:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75B86EF7-9EDE-494B-A8CE-A07E97CFE215"}, {"criteria": "cpe:2.3:a:bea:weblogic_mobility_server:3.6:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19062190-0250-41AE-9B29-C8F4C497F06B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}