CVE-2007-2699

N/A Unknown

Published: May 16, 2007 Modified: April 23, 2026

Description

The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://dev2dev.bea.com/pub/advisory/231

Source: cve@mitre.org

Patch Vendor Advisory

http://osvdb.org/36069

Source: cve@mitre.org

http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html

Source: cve@mitre.org

http://secunia.com/advisories/25284

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1018057

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2007/1815

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34289

Source: cve@mitre.org

http://dev2dev.bea.com/pub/advisory/231