Published: 01/12/2003 Updated: 11/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to determine the existence of files outside the web root via modified paths in the INIFILE argument.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bea tuxedo 6.3
bea tuxedo 6.4
bea weblogic server 5.1
bea weblogic server 4.2
bea weblogic server 5.0.1
bea tuxedo 6.5
bea tuxedo 7.1
bea tuxedo 8.0
bea tuxedo 8.1

source: wwwsecurityfocuscom/bid/8931/info A vulnerability has reported to exist in BEA Tuxedo and WebLogic Enterprise due to Tuxedo administration console The script is reported to accept various initialization arguments such as INIFILE that are not properly sanitized for user-supplied input This issue may allow an attacker to carry out ...

NVD-CWE-Other http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp http://www.securityfocus.com/bid/8931 http://marc.info/?l=bugtraq&m=106762000607681&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/13559 https://nvd.nist.gov https://www.exploit-db.com/exploits/23312/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0621

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect