CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0417

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1670%
EPSS Percentile33.69th
PublishedJan 23, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.

Affected Platforms (CPE)

πŸ“¦
Bea

Weblogic Server

<= 7.0
πŸ“¦
Bea

Weblogic Server

= 7.0
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 8.1
πŸ“¦
Bea

Weblogic Server

= 9.0
πŸ“¦
Bea

Weblogic Server

= 9.1

References & Advisories

πŸ”— http://dev2dev.bea.com/pub/advisory/211
πŸ”— http://osvdb.org/38511
πŸ”— http://secunia.com/advisories/23750
πŸ”— http://securitytracker.com/id?1017525
πŸ”— http://www.securityfocus.com/bid/22082
πŸ”— http://www.vupen.com/english/advisories/2007/0213
πŸ”— http://dev2dev.bea.com/pub/advisory/211
πŸ”— http://osvdb.org/38511

Related Vulnerabilities

CVE-2001-009810.0

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi...

CVE-2003-064010.0

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite use...

CVE-2000-068110.0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J...

CVE-2008-325710.0

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and ear...