Detections
Analytics
BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)
high Nessus Plugin ID 18365
Language:
Synopsis
The remote web server is affected by multiple flaws.Description
According to its banner, the remote host is running a version of BEA WebLogic Server or WebLogic Express that is prone to multiple vulnerabilities. These flaws could lead to buffer overflows, denial of service, unauthorized access, cross-site scripting attacks, and information disclosure.Solution
Upgrade to the appropriate Service Pack as discussed in the vendor advisories referenced above.See Also
http://web.archive.org/web/20070211133850/dev2dev.bea.com/pub/advisory/125
http://web.archive.org/web/20061017121059/http://dev2dev.bea.com/pub/advisory/126
http://web.archive.org/web/20070211133831/http://dev2dev.bea.com:80/pub/advisory/127
http://web.archive.org/web/20070211133900/http://dev2dev.bea.com:80/pub/advisory/128
http://web.archive.org/web/20070211133820/http://dev2dev.bea.com:80/pub/advisory/129
http://web.archive.org/web/20070404224518/dev2dev.bea.com/pub/advisory/130
http://web.archive.org/web/20070427111447/http://dev2dev.bea.com:80/pub/advisory/132
http://web.archive.org/web/20070211133652/http://dev2dev.bea.com:80/pub/advisory/135
http://web.archive.org/web/20070207142547/http://dev2dev.bea.com:80/pub/advisory/137
Plugin Details
Severity: High
ID: 18365
File Name: bea_81sp4_mult_vulns.nasl
Version: 1.26
Type: remote
Family: Web Servers
Published: 5/24/2005
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 4/25/2005
Reference Information
CVE: CVE-2005-1380, CVE-2005-1742, CVE-2005-1743, CVE-2005-1744, CVE-2005-1745, CVE-2005-1746, CVE-2005-1747, CVE-2005-1748, CVE-2005-1749