BEA WebLogic 7.0/7.0.0.1/8.1 administrator Remote Code Execution
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.8 | $0-$5k | 0.00 |
A vulnerability was found in BEA WebLogic 7.0/7.0.0.1/8.1 (Application Server Software). It has been rated as critical. This issue affects some unknown functionality of the file administrator. The manipulation with an unknown input leads to a remote code execution vulnerability. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
The bug was discovered 04/13/2004. The weakness was released 04/13/2004 with Bea Systems (Website). It is possible to read the advisory at dev2dev.bea.com. The identification of this vulnerability is CVE-2004-0652 since 07/09/2004. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a public exploit are known.
It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 87198 (Oracle WebLogic Server Multiple Vulnerabilities (BEA04-53.00,BEA04-54.00,BEA04-55.00)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at ftpna.beasys.com.
The vulnerability is also documented in the vulnerability database at X-Force (15865).
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 8.8
VulDB Base Score: 9.8
VulDB Temp Score: 8.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Remote Code ExecutionCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: ftpna.beasys.com
Timeline
04/13/2004 🔍04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/13/2004 🔍
04/14/2004 🔍
04/14/2004 🔍
07/09/2004 🔍
08/06/2004 🔍
01/20/2005 🔍
06/28/2019 🔍
Sources
Vendor: oracle.comAdvisory: dev2dev.bea.com
Researcher: http://www.beasys.com
Organization: Bea Systems
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2004-0652 (🔍)
X-Force: 15865 - BEA WebLogic Server and Express allows administrator or operator privileges, High Risk
SecurityTracker: 1009766
Vulnerability Center: 6873 - BEA WebLogic Server and WebLogic Express 7.0, 8.1 Allow Information Disclosure, Low
SecurityFocus: 10133 - BEA WebLogic Local Password Disclosure Vulnerability
Secunia: 11359 - BEA WebLogic Exposure of Administrative Credentials, Less Critical
OSVDB: 5296 - BEA WebLogic Internal Method Boot Credential Disclosure
Entry
Created: 04/14/2004 16:19Updated: 06/28/2019 09:43
Changes: 04/14/2004 16:19 (86), 06/28/2019 09:43 (1)
Complete: 🔍
Cache ID: 3:4EF:103
No comments yet. Languages: en.
Please log in to comment.