Summary
Oracle WebLogic Server is prone to a remote command-execution vulnerability because the software fails to restrict access to sensitive commands.
Successful attacks can compromise the affected software and possibly the computer.
Oracle WebLogic Server 10.3.2 is vulnerable
other versions may also
be affected.
Solution
Vendor updates are available. Please see the vendor advisory for details.
References
- http://blogs.oracle.com/security/2010/02/security_alert_for_cve-2010-00.html
- http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html
- http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html
- http://www.oracle.com/technology/products/weblogic/index.html
- http://www.securityfocus.com/bid/37926
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-0073 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apache Tomcat /servlet Cross Site Scripting
- AstroSPACES profile.php SQL Injection Vulnerability
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities