Oracle WebLogic Server Node Manager 'beasvc.exe' Remote Command Execution Vulnerability Network Vulnerability

Summary

Oracle WebLogic Server is prone to a remote command-execution vulnerability because the software fails to restrict access to sensitive commands. Successful attacks can compromise the affected software and possibly the computer. Oracle WebLogic Server 10.3.2 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the vendor advisory for details.

References

http://blogs.oracle.com/security/2010/02/security_alert_for_cve-2010-00.html
http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html
http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html
http://www.oracle.com/technology/products/weblogic/index.html
http://www.securityfocus.com/bid/37926

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0073

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Atmail Multiple Unspecified Security Vulnerabilities.
AWStats configdir parameter arbitrary cmd exec
Admin Bot 'news.php' SQL Injection Vulnerability
ActivePerl perlIS.dll Buffer Overflow
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities

Take action and discover your vulnerabilities