| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in BEA WebLogic 7.0/8.1. This affects an unknown function of the file /* of the component URL Filter. The manipulation with the input /dir* results in privileges management.
This vulnerability is cataloged as CVE-2004-0711. The attack may be launched remotely. Furthermore, there is an exploit available.
Applying a patch is advised to resolve this issue.
Details
A vulnerability, which was classified as problematic, was found in BEA WebLogic 7.0/8.1 (Application Server Software). Affected is an unknown functionality of the file /* of the component URL Filter. The manipulation with the input value /dir* leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, and integrity. CVE summarizes:
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
The weakness was shared 04/20/2004 with BEA Systems, Inc. (Website). The advisory is shared for download at dev2dev.bea.com. This vulnerability is traded as CVE-2004-0711 since 07/20/2004. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1068.
After 1 days, there has been an exploit disclosed. It is declared as proof-of-concept. As 0-day the estimated underground price was around $5k-$25k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 87197 (Oracle WebLogic Server Multiple Vulnerabilities (BEA04-56.00,BEA04-57.00,BEA04-58.00)).
Upgrading to version 8.1 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at dev2dev.bea.com. The best possible mitigation is suggested to be patching the affected component.
The vulnerability is also documented in the databases at X-Force (15927), SecurityFocus (BID 10184†), OSVDB (5570†), Secunia (SA11435†) and Vulnerability Center (SBV-6872†). Further details are available at ftpna.beasys.com. The entries VDB-623 and VDB-625 are related to this item. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.5
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Upgrade: WebLogic 8.1
Patch: dev2dev.bea.com
Timeline
04/20/2004 🔍04/20/2004 🔍
04/20/2004 🔍
04/21/2004 🔍
04/21/2004 🔍
04/21/2004 🔍
07/20/2004 🔍
07/27/2004 🔍
01/20/2005 🔍
11/20/2024 🔍
Sources
Vendor: oracle.comAdvisory: dev2dev.bea.com
Researcher: http://www.bea.com
Organization: BEA Systems, Inc.
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2004-0711 (🔍)
GCVE (CVE): GCVE-0-2004-0711
GCVE (VulDB): GCVE-100-624
CERT: 🔍
X-Force: 15927 - BEA WebLogic Server and Express URL pattern syntax information disclosure, Medium Risk
SecurityFocus: 10184 - BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
Secunia: 11435 - BEA WebLogic URL Restriction Bypass Security Issue, Moderately Critical
OSVDB: 5570 - BEA WebLogic URL Restriction Bypass Information Disclosure
Vulnerability Center: 6872 - BEA WebLogic Server 6.x Allow Access Restrictions Bypass, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 04/21/2004 14:34Updated: 11/20/2024 18:06
Changes: 04/21/2004 14:34 (89), 06/07/2017 16:04 (2), 11/20/2024 18:06 (18)
Complete: 🔍
Cache ID: 216:5E9:103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.