CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2003-0640

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile18.34th
Published2003年8月27日
Last Modified2026年4月16日

Vulnerability Description

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

Affected Platforms (CPE)

📦
Bea

Weblogic Server

All versions
📦
Bea

Weblogic Server

All versions

References & Advisories

🔗 http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
🔗 http://www.secunia.com/advisories/9232/
🔗 http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp
🔗 http://www.secunia.com/advisories/9232/

相關漏洞威脅

CVE-2001-009810.0

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi...

CVE-2007-041710.0

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm...

CVE-2000-068110.0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J...

CVE-2008-325710.0

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and ear...