CVE-2003-0151 | Vulnerability Database | Aqua Security

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

Affected Software

Name	Vendor	Start Version	End Version
Weblogic_server	Bea	6.0 (including)	6.0 (including)
Weblogic_server	Bea	6.0-sp1 (including)	6.0-sp1 (including)
Weblogic_server	Bea	6.0-sp2 (including)	6.0-sp2 (including)
Weblogic_server	Bea	6.1 (including)	6.1 (including)
Weblogic_server	Bea	6.1-sp1 (including)	6.1-sp1 (including)
Weblogic_server	Bea	6.1-sp2 (including)	6.1-sp2 (including)
Weblogic_server	Bea	6.1-sp3 (including)	6.1-sp3 (including)
Weblogic_server	Bea	6.1-sp4 (including)	6.1-sp4 (including)
Weblogic_server	Bea	7.0 (including)	7.0 (including)
Weblogic_server	Bea	7.0-sp1 (including)	7.0-sp1 (including)
Weblogic_server	Bea	7.0-sp2 (including)	7.0-sp2 (including)
Weblogic_server	Bea	7.0.0.1 (including)	7.0.0.1 (including)
Weblogic_server	Bea	7.0.0.1-sp1 (including)	7.0.0.1-sp1 (including)
Weblogic_server	Bea	7.0.0.1-sp2 (including)	7.0.0.1-sp2 (including)

References

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
http://marc.info/?l=bugtraq\u0026m=104792477914620\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104792544515384\u0026w=2
http://www.s21sec.com/en/avisos/s21sec-011-en.txt
http://www.securityfocus.com/bid/7122
http://www.securityfocus.com/bid/7124

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0151
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html