CVE-2007-0425

Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/222	Vendor Advisory
http://osvdb.org/38515
http://secunia.com/advisories/23750	Vendor Advisory
http://securitytracker.com/id?1017525
http://www.vupen.com/english/advisories/2007/0213

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:jrockit::r24.5::::::*
	cpe:2.3:a:bea:weblogic_server::sp5::::::*
	cpe:2.3:a:bea:weblogic_server:8.1:::::::*

History

No history.

Information

Published : 2007-01-23 00:28

Updated : 2011-03-08 02:49

NVD link : CVE-2007-0425

Mitre link : CVE-2007-0425

CVE.ORG link : CVE-2007-0425

JSON object : View

Products Affected

bea

jrockit
weblogic_server

CWE

NVD-CWE-Other

{"id": "CVE-2007-0425", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-23T00:28:00.000", "references": [{"url": "http://dev2dev.bea.com/pub/advisory/222", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/38515", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23750", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017525", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0213", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an \"overflow condition,\" probably a buffer overflow."}, {"lang": "es", "value": "Vulnerabilidad no especificada en BEA WebLogic Platform and Server 8.1 hasta 8.1 SP5, y JRockit 1.4.2 R4.5 y anteriores, permite a los atacantes obtener privilegios a trav\u00e9s de vectores no especificados, relacionados con una \"condici\u00f3n de desbordamiento\", probablemente un desbordamiento de b\u00fafer."}], "lastModified": "2011-03-08T02:49:44.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:jrockit:*:r24.5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9979205D-FC70-4FD8-B69F-AFFA4E8E3979", "versionEndIncluding": "1.4.2"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:*:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22897797-8E89-4B31-99B8-B22D6F6056A3", "versionEndIncluding": "8.1"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}