CVE-2003-1290

high

Description

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/13752

http://www.securityfocus.com/bid/9034

http://www.securityfocus.com/bid/16215

http://www.osvdb.org/3064

http://secunia.com/advisories/18396

http://secunia.com/advisories/10218

http://dev2dev.bea.com/pub/advisory/162

Details

Source: Mitre, NVD

Published: 2003-12-31

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics