Vulnerabilites related to bea - tuxedo
cve-2001-1477
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
References
| ▼ | URL | Tags |
|---|---|---|
| http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6326 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"
},
{
"name": "bea-tuxedo-remote-access(6326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"
},
{
"name": "bea-tuxedo-remote-access(6326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"
},
{
"name": "bea-tuxedo-remote-access(6326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1477",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5576
Vulnerability from cvelistv5
Published
2007-10-18 21:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/45478 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 | vdb-entry, x_refsource_XF | |
| http://dev2dev.bea.com/pub/advisory/226 | vendor-advisory, x_refsource_BEA | |
| http://www.vupen.com/english/advisories/2007/1813 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45478",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45478",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45478",
"refsource": "OSVDB",
"url": "http://osvdb.org/45478"
},
{
"name": "weblogic-tuxedo-information-disclosure(34290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"name": "BEA07-158.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"name": "ADV-2007-1813",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1813"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5576",
"datePublished": "2007-10-18T21:00:00",
"dateReserved": "2007-10-18T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0621
Vulnerability from cvelistv5
Published
2003-11-05 05:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106762000607681&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13559 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/8931 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "bea-tuxedo-file-disclosure(13559)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13559"
},
{
"name": "8931",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "bea-tuxedo-file-disclosure(13559)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13559"
},
{
"name": "8931",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "bea-tuxedo-file-disclosure(13559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13559"
},
{
"name": "8931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0621",
"datePublished": "2003-11-05T05:00:00",
"dateReserved": "2003-07-31T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0623
Vulnerability from cvelistv5
Published
2003-11-05 05:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13561 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=106762000607681&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/8931 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bea-tuxedo-filename-xss(13561)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13561"
},
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "8931",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bea-tuxedo-filename-xss(13561)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13561"
},
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "8931",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bea-tuxedo-filename-xss(13561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13561"
},
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "8931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0623",
"datePublished": "2003-11-05T05:00:00",
"dateReserved": "2003-07-31T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0622
Vulnerability from cvelistv5
Published
2003-11-05 05:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106762000607681&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13560 | vdb-entry, x_refsource_XF | |
| http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/8931 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"name": "bea-tuxedo-device-dos(13560)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13560"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "8931",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"name": "bea-tuxedo-device-dos(13560)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13560"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "8931",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"name": "bea-tuxedo-device-dos(13560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13560"
},
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"name": "8931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0622",
"datePublished": "2003-11-05T05:00:00",
"dateReserved": "2003-07-31T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2003-12-01 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C2EF5B-C454-4BED-81F6-59FCC531D99F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D0B4-EF75-41BC-BD95-32DAA0BE4415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1719019F-64EB-432D-98DF-839F92C8ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC74F617-4CA9-4B0C-87C7-C49A73934CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95C77782-600F-4BBB-B71D-C28FDD9AAF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30BF1224-40A6-454F-B6CF-3BEEBE3272B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "87092B8D-8AF5-498C-9187-D64820CF218B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "D79F6858-4D7F-4EB3-BDB3-957AD6795ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "AC966FC9-3ED4-4CCD-B1E6-74E8CC7CEBCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument."
},
{
"lang": "es",
"value": "Vulnerabilidad de scripts en sitios cruzados en la consola de adminstraci\u00f3n de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos inyectar script web arbitrario mediante una argumento INFILE."
}
],
"id": "CVE-2003-0623",
"lastModified": "2024-11-20T23:45:09.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-01T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8931"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13561"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-01 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C2EF5B-C454-4BED-81F6-59FCC531D99F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D0B4-EF75-41BC-BD95-32DAA0BE4415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1719019F-64EB-432D-98DF-839F92C8ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC74F617-4CA9-4B0C-87C7-C49A73934CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95C77782-600F-4BBB-B71D-C28FDD9AAF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30BF1224-40A6-454F-B6CF-3BEEBE3272B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "87092B8D-8AF5-498C-9187-D64820CF218B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "D79F6858-4D7F-4EB3-BDB3-957AD6795ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "AC966FC9-3ED4-4CCD-B1E6-74E8CC7CEBCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument."
},
{
"lang": "es",
"value": "La consola de adminstraci\u00f3n de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos determinar la existencia de ficheros fuera de la ra\u00edz web mediante rutas modificadas en el argumento INFILE."
}
],
"id": "CVE-2003-0621",
"lastModified": "2024-11-20T23:45:09.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-01T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8931"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13559"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC74F617-4CA9-4B0C-87C7-C49A73934CEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain."
}
],
"id": "CVE-2001-1477",
"lastModified": "2024-11-20T23:37:47.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6326"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-18 21:17
Modified
2024-11-21 00:38
Severity ?
Summary
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95C77782-600F-4BBB-B71D-C28FDD9AAF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30BF1224-40A6-454F-B6CF-3BEEBE3272B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53E28DE8-4868-4DCE-8F8C-7967F2515D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "60231665-A976-4831-9419-AA332D3CC3D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C67B3D8E-EBFF-4926-B696-9DC123A667EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "DA53F4D4-CABE-47A4-A900-840B5B933D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "4CE99F33-A818-441D-A4AF-773C5422D992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "FC355584-B0B1-4834-B2C9-4671AC4ED382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_integration:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64003CF-C562-491A-8430-B8D40CEC528C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "AC966FC9-3ED4-4CCD-B1E6-74E8CC7CEBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
"matchCriteriaId": "05AFBE78-C611-4EA2-8B00-5F8B61696CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
"matchCriteriaId": "C3B7752C-B297-480A-B3FC-948EA081670C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
"matchCriteriaId": "71892EC0-E6B1-4214-AC53-06489F711829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
"matchCriteriaId": "696F52AE-FEB9-4090-872E-FDFD969F5604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
"matchCriteriaId": "DCED03B6-7565-4F53-8D85-F3391BF66988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
"matchCriteriaId": "B70F0353-635F-465B-A7E5-AF2D017AB008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*",
"matchCriteriaId": "FED6AE20-974B-44A7-98C4-F69E6E33D9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*",
"matchCriteriaId": "F77E777F-7EB5-4A08-9063-C772B49B5E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"matchCriteriaId": "BBDB9094-78E8-4CBF-9F5F-321D5174F1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"matchCriteriaId": "6FB8930F-C6D8-40B9-8D08-751F5B47229B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "893D9D88-43C4-4F9F-A364-0585DE6FA9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
"matchCriteriaId": "D59F9859-7344-43F0-9348-E57FABB9E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "D34E2925-DE2A-437F-B349-BD7103F4C37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*",
"matchCriteriaId": "0A4EC87D-EF83-48C5-B516-A6A482D9F525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "16E3F943-D920-4C0A-8545-5CF7D792011F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*",
"matchCriteriaId": "6BBA04D4-BA2E-4495-85DE-38918A878012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "B46A3EBE-B268-427E-AAB5-62DDF255F1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*",
"matchCriteriaId": "A3024422-1CA9-4E5D-80D1-2F4B57FDAEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "F5D61A68-E83A-4374-832A-C9A2FEA0AD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*",
"matchCriteriaId": "596178D8-B7BB-4793-81C1-119ED353CF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "32E8797D-1B62-4480-A79D-0345E65699E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2FC1486C-6AC4-44F7-9015-40FD4A341C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5485722F-5DE4-4CD4-865F-32585537F523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "3CCEDE54-97F3-457A-9886-5BD91C9AED2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"matchCriteriaId": "ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"matchCriteriaId": "F7560131-A6AC-4BBB-AA2D-C7C63AB51226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
"matchCriteriaId": "893C2387-03E3-4F8E-9029-BC64C64239EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*",
"matchCriteriaId": "55661356-58E0-49D3-9C79-B4BB5EBE24CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*",
"matchCriteriaId": "107C2FC6-BC60-4817-8A21-14C81DA6DEF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*",
"matchCriteriaId": "24E0BA12-971C-4DC4-8ED2-9B7DCD6390E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*",
"matchCriteriaId": "17280B97-D499-434E-BD89-FD348E9E2E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:express:*:*:*:*:*",
"matchCriteriaId": "B06BDF43-A534-4F38-813D-72F538549F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "AD6F9694-259F-4631-BC93-B1136F08E77E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "77624161-7740-4162-9C83-C0DFEA2BBCCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "E785D039-3426-4C1F-BBA8-7C6D32FB141E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "D4B2A474-B6C4-47B6-8B20-8722A8C25238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "2FDBD7AF-51AC-48B9-A465-0C13B9230EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B04835B2-7FE9-462B-B989-4031D43C9670",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
},
{
"lang": "es",
"value": "BEA Tuxedo 8.0 anterior al RP392 y el 8.1 anterior al RP293 y el WebLogic Enterprise 5.1 anterior al RP174, muestra la contrase\u00f1a en texto claro, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible a trav\u00e9s de los comandos (1) cnsbind, (2) cnsunbind o (3) cnsls."
}
],
"evaluatorSolution": "More information can be found regarding patch information at:\r\nhttp://www.securityfocus.com/bid/23979/solution",
"id": "CVE-2007-5576",
"lastModified": "2024-11-21T00:38:13.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-18T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45478"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1813"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev2dev.bea.com/pub/advisory/226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-01 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C2EF5B-C454-4BED-81F6-59FCC531D99F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4D0B4-EF75-41BC-BD95-32DAA0BE4415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1719019F-64EB-432D-98DF-839F92C8ED2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC74F617-4CA9-4B0C-87C7-C49A73934CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95C77782-600F-4BBB-B71D-C28FDD9AAF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30BF1224-40A6-454F-B6CF-3BEEBE3272B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "87092B8D-8AF5-498C-9187-D64820CF218B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "D79F6858-4D7F-4EB3-BDB3-957AD6795ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "AC966FC9-3ED4-4CCD-B1E6-74E8CC7CEBCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX."
},
{
"lang": "es",
"value": "La consola de adminstraci\u00f3n de BEA Tuxedo 8.1 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue) mediante argumentos de nombre de ruta que contienen nombres de dispositivos de MS-DOS como CON o AUX."
}
],
"id": "CVE-2003-0622",
"lastModified": "2024-11-20T23:45:09.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-01T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8931"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106762000607681\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13560"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}