Lucene search
HistoryMay 16, 2007 - 1:19 a.m.
CVE-2007-2694
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.005
Percentile
75.7%
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
Node
beaweblogic_serverMatch6.1
ORbeaweblogic_serverMatch6.1express
ORbeaweblogic_serverMatch6.1sp1
ORbeaweblogic_serverMatch6.1sp1express
ORbeaweblogic_serverMatch6.1sp2
ORbeaweblogic_serverMatch6.1sp2express
ORbeaweblogic_serverMatch6.1sp3
ORbeaweblogic_serverMatch6.1sp3express
ORbeaweblogic_serverMatch6.1sp4
ORbeaweblogic_serverMatch6.1sp4express
ORbeaweblogic_serverMatch6.1sp5
ORbeaweblogic_serverMatch6.1sp5express
ORbeaweblogic_serverMatch6.1sp6
ORbeaweblogic_serverMatch6.1sp6express
ORbeaweblogic_serverMatch6.1sp7
ORbeaweblogic_serverMatch6.1sp7express
ORbeaweblogic_serverMatch7.0
ORbeaweblogic_serverMatch7.0express
ORbeaweblogic_serverMatch7.0sp1
ORbeaweblogic_serverMatch7.0sp1express
ORbeaweblogic_serverMatch7.0sp2
ORbeaweblogic_serverMatch7.0sp2express
ORbeaweblogic_serverMatch7.0sp3
ORbeaweblogic_serverMatch7.0sp3express
ORbeaweblogic_serverMatch7.0sp4
ORbeaweblogic_serverMatch7.0sp4express
ORbeaweblogic_serverMatch7.0sp5
ORbeaweblogic_serverMatch7.0sp5express
ORbeaweblogic_serverMatch7.0sp6
ORbeaweblogic_serverMatch7.0sp6express
ORbeaweblogic_serverMatch7.0sp7
ORbeaweblogic_serverMatch7.0sp7express
ORbeaweblogic_serverMatch8.1
ORbeaweblogic_serverMatch8.1express
ORbeaweblogic_serverMatch8.1sp1
ORbeaweblogic_serverMatch8.1sp1express
ORbeaweblogic_serverMatch8.1sp2
ORbeaweblogic_serverMatch8.1sp2express
ORbeaweblogic_serverMatch8.1sp3
ORbeaweblogic_serverMatch8.1sp3express
ORbeaweblogic_serverMatch8.1sp4
ORbeaweblogic_serverMatch8.1sp4express
ORbeaweblogic_serverMatch8.1sp5
ORbeaweblogic_serverMatch8.1sp5express
ORbeaweblogic_serverMatch9.0ga
ORbeaweblogic_serverMatch9.0gaexpress
ORbeaweblogic_serverMatch9.1ga
ORbeaweblogic_serverMatch9.1gaexpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2007-2694
2007-05-16 01:00:00
CVE-2008-0902
2008-02-22 21:00:00
cve
cve
CVE-2007-2694
2007-05-16 01:19:00
CVE-2008-0902
2008-02-22 21:44:00
prion
prion
Cross site scripting
2007-05-16 01:19:00
Cross site scripting
2008-02-22 21:44:00
nvd
nvd
CVE-2008-0902
2008-02-22 21:44:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.005
Percentile
75.7%
Related for NVD:CVE-2007-2694