BEA WebLogic Server and Express 6.0 up to and including 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote malicious users to read arbitrary files or execute arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 6.0 |
||
bea weblogic server 6.1 |
||
bea weblogic server 7.0.0.1 |
||
bea weblogic server 7.0 |