Vulnerability-Lookup

CVE-2005-1747 (GCVE-0-2005-1747)

Vulnerability from cvelistv5 – Published: 2005-05-24 04:00 – Updated: 2024-08-07 21:59

Summary

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

13 references

URL	Tags
http://www.appsecinc.com/resources/alerts/general…	x_refsource_MISC
http://marc.info/?l=bugtraq&m=111695921212456&w=2	mailing-listx_refsource_BUGTRAQ
http://dev2dev.bea.com/pub/advisory/130	vendor-advisoryx_refsource_BEA
http://secunia.com/advisories/15486	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=111722380313416&w=2	mailing-listx_refsource_BUGTRAQ
http://securitytracker.com/id?1014049	vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2005/0607	vdb-entryx_refsource_VUPEN
http://marc.info/?l=bugtraq&m=111695844803328&w=2	mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/13717	vdb-entryx_refsource_BID
http://www.appsecinc.com/resources/alerts/general…	x_refsource_MISC
http://www.acrossecurity.com/aspr/ASPR-2005-05-24…	x_refsource_MISC
http://marc.info/?l=bugtraq&m=111722298705561&w=2	mailing-listx_refsource_BUGTRAQ
http://www.acrossecurity.com/aspr/ASPR-2005-05-24…	x_refsource_MISC

Date Public

2005-05-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:59:24.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
          },
          {
            "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2"
          },
          {
            "name": "BEA05-80.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/130"
          },
          {
            "name": "15486",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15486"
          },
          {
            "name": "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2"
          },
          {
            "name": "1014049",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1014049"
          },
          {
            "name": "ADV-2005-0607",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/0607"
          },
          {
            "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2"
          },
          {
            "name": "13717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13717"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
          },
          {
            "name": "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-05-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
        },
        {
          "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2"
        },
        {
          "name": "BEA05-80.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/130"
        },
        {
          "name": "15486",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15486"
        },
        {
          "name": "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2"
        },
        {
          "name": "1014049",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1014049"
        },
        {
          "name": "ADV-2005-0607",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/0607"
        },
        {
          "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2"
        },
        {
          "name": "13717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13717"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
        },
        {
          "name": "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1747",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html",
              "refsource": "MISC",
              "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
            },
            {
              "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2"
            },
            {
              "name": "BEA05-80.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/130"
            },
            {
              "name": "15486",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15486"
            },
            {
              "name": "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2"
            },
            {
              "name": "1014049",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1014049"
            },
            {
              "name": "ADV-2005-0607",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/0607"
            },
            {
              "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2"
            },
            {
              "name": "13717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13717"
            },
            {
              "name": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html",
              "refsource": "MISC",
              "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
            },
            {
              "name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt",
              "refsource": "MISC",
              "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
            },
            {
              "name": "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2"
            },
            {
              "name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt",
              "refsource": "MISC",
              "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1747",
    "datePublished": "2005-05-24T04:00:00.000Z",
    "dateReserved": "2005-05-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T21:59:24.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2005-1747",
      "date": "2026-06-05",
      "epss": "0.02674",
      "percentile": "0.86124"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-1747\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-05-24T04:00:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D9AB3C0-8783-4160-AE2D-D1E5AAAA0A78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"80D90123-74BA-4A70-9A10-6980BAD270B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"565CBD39-28D6-4A03-BECE-287083CE9FA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE9282D-C32F-4D2F-81BE-75E447925A23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*\",\"matchCriteriaId\":\"14A085BB-27C9-488F-91F8-19625BF23B94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:*:*:*:*:*\",\"matchCriteriaId\":\"D1A33785-23D9-4428-B746-71FD404C09E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E6644EF-C875-4005-A628-0AED7B7BB94F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*\",\"matchCriteriaId\":\"8556E775-D130-4658-AFE2-28188224ED54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:*:*:*:*:*\",\"matchCriteriaId\":\"1B92BC8B-15AB-4E9A-AC2F-DD6A2F443B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FDCF6AE-43DC-4AE5-9260-CA657F40BE77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"05AFBE78-C611-4EA2-8B00-5F8B61696CBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"AC5439C1-D06F-44C6-94F5-2BD8598A506C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DFE26B3-31F2-4FC0-854D-56EA4D08C28A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*\",\"matchCriteriaId\":\"C3B7752C-B297-480A-B3FC-948EA081670C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*\",\"matchCriteriaId\":\"E40C38EC-ECA4-4F0C-8468-16191CDB9997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"63017BF8-D681-45EC-9C31-09D029F1126D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*\",\"matchCriteriaId\":\"71892EC0-E6B1-4214-AC53-06489F711829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*\",\"matchCriteriaId\":\"C4FD8871-680E-40F9-85AB-417B5195D4BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E0B1791-974A-4967-8CF9-33BE8183200B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*\",\"matchCriteriaId\":\"696F52AE-FEB9-4090-872E-FDFD969F5604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*\",\"matchCriteriaId\":\"2B4BC3F5-BFE8-4834-B427-B6260D5B7A85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B12A8B1-F78E-46B3-8872-4C6484345477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*\",\"matchCriteriaId\":\"DCED03B6-7565-4F53-8D85-F3391BF66988\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*\",\"matchCriteriaId\":\"D2FE768F-363B-49BC-8410-739B164FB32E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB2FB0E9-3812-49C5-94F4-3B39D5BE2EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*\",\"matchCriteriaId\":\"B70F0353-635F-465B-A7E5-AF2D017AB008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*\",\"matchCriteriaId\":\"D3DA28D0-18CC-4F99-AABB-EC7863CBD455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B091903-943F-4822-9F24-9D109B2D76A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*\",\"matchCriteriaId\":\"CE1D6EE4-8545-4D0A-A50B-C8009F054DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9C5AFCF-79D8-4005-B800-B0C6BD461276\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"FBDF3AC0-0680-4EEE-898C-47D194667BE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"8DEDDAF2-555D-4425-B4B6-65B1E9C21FF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6828CE4B-91E8-4688-977F-DC7BC21131C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*\",\"matchCriteriaId\":\"BBDB9094-78E8-4CBF-9F5F-321D5174F1EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*\",\"matchCriteriaId\":\"9CD2BB36-AC0B-48E9-91E1-A4465896E87A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E141AA86-C6D0-4FA8-9268-0FB0635DF9CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*\",\"matchCriteriaId\":\"6FB8930F-C6D8-40B9-8D08-751F5B47229B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*\",\"matchCriteriaId\":\"A5C59B80-279B-45B3-9CC1-5A263681025B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"893D9D88-43C4-4F9F-A364-0585DE6FA9E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*\",\"matchCriteriaId\":\"D59F9859-7344-43F0-9348-E57FABB9E431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*\",\"matchCriteriaId\":\"D2D05BAB-AB3B-466E-8301-01A41644DE77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D34E2925-DE2A-437F-B349-BD7103F4C37E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*\",\"matchCriteriaId\":\"0A4EC87D-EF83-48C5-B516-A6A482D9F525\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*\",\"matchCriteriaId\":\"935F28E3-9799-4EF6-AB83-62E9C214DD0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"16E3F943-D920-4C0A-8545-5CF7D792011F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*\",\"matchCriteriaId\":\"6BBA04D4-BA2E-4495-85DE-38918A878012\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*\",\"matchCriteriaId\":\"6C444DA3-69E3-4465-9173-85966B1162A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"25C711BB-E7E0-41D8-985E-5DD386C54637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"38EFE72C-10E5-4EED-B016-D914FA52DE6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"32E8797D-1B62-4480-A79D-0345E65699E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*\",\"matchCriteriaId\":\"071FAD20-D502-4634-852A-4CD06FE8E114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*\",\"matchCriteriaId\":\"97E6F518-D320-4655-B698-2D1A82CA3EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC1486C-6AC4-44F7-9015-40FD4A341C38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*\",\"matchCriteriaId\":\"AB5909DB-B2E2-4358-9D45-C225C6B02360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*\",\"matchCriteriaId\":\"04C3F96B-A1FF-4E3E-B059-366E176E5E19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5485722F-5DE4-4CD4-865F-32585537F523\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:*:*:*:*:*\",\"matchCriteriaId\":\"BCB01060-2C29-4F75-8D0A-74F62E9F0A17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCEDE54-97F3-457A-9886-5BD91C9AED2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:*:*:*:*:*\",\"matchCriteriaId\":\"2269D44C-65EA-4ED0-9F03-A32AC5D44EEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08D4CEA-9ACC-4869-BC87-3524A059914F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*\",\"matchCriteriaId\":\"ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*\",\"matchCriteriaId\":\"A3DFE048-905E-4890-809D-F6BCEF7F83C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F5B2A06-CE19-4A57-9566-09FC1E259CDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*\",\"matchCriteriaId\":\"F7560131-A6AC-4BBB-AA2D-C7C63AB51226\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*\",\"matchCriteriaId\":\"349036A0-B5E2-4656-8D2D-26BEE9EF9DFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D18E22CC-A0FC-4BC7-AD39-2645F57486C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*\",\"matchCriteriaId\":\"893C2387-03E3-4F8E-9029-BC64C64239EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*\",\"matchCriteriaId\":\"D00633D1-4B38-48D9-B5CD-E8D66EA90599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9429D939-FCC4-4BA7-90C4-BBEECE7309D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*\",\"matchCriteriaId\":\"55661356-58E0-49D3-9C79-B4BB5EBE24CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*\",\"matchCriteriaId\":\"1A1A59C0-31BB-4EE9-90C1-3289C94F690E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0653ACAC-B0D9-4381-AB23-11D24852A414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*\",\"matchCriteriaId\":\"107C2FC6-BC60-4817-8A21-14C81DA6DEF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*\",\"matchCriteriaId\":\"209CDA09-CAB2-481D-8DA0-161B670335E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_portal:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A220FA9-69A3-4857-A73D-287FDF0E68A1\"}]}]}],\"references\":[{\"url\":\"http://dev2dev.bea.com/pub/advisory/130\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/15486\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1014049\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.appsecinc.com/resources/alerts/general/BEA-001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.appsecinc.com/resources/alerts/general/BEA-002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/13717\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/0607\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://dev2dev.bea.com/pub/advisory/130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/15486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1014049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.appsecinc.com/resources/alerts/general/BEA-001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.appsecinc.com/resources/alerts/general/BEA-002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/13717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/0607\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2005-1747

Vulnerability from fkie_nvd - Published: 2005-05-24 04:00 - Updated: 2026-04-16 00:27

Severity

Summary

References

URL	Tags
cve@mitre.org	http://dev2dev.bea.com/pub/advisory/130	Vendor Advisory
cve@mitre.org	http://marc.info/?l=bugtraq&m=111695844803328&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=111695921212456&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=111722298705561&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=111722380313416&w=2
cve@mitre.org	http://secunia.com/advisories/15486	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1014049
cve@mitre.org	http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt
cve@mitre.org	http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt
cve@mitre.org	http://www.appsecinc.com/resources/alerts/general/BEA-001.html
cve@mitre.org	http://www.appsecinc.com/resources/alerts/general/BEA-002.html
cve@mitre.org	http://www.securityfocus.com/bid/13717
cve@mitre.org	http://www.vupen.com/english/advisories/2005/0607
af854a3a-2127-422b-91ae-364da2661108	http://dev2dev.bea.com/pub/advisory/130	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=111695844803328&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=111695921212456&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=111722298705561&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=111722380313416&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/15486	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1014049
af854a3a-2127-422b-91ae-364da2661108	http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.appsecinc.com/resources/alerts/general/BEA-001.html
af854a3a-2127-422b-91ae-364da2661108	http://www.appsecinc.com/resources/alerts/general/BEA-002.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/13717
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/0607

Impacted products

Vendor	Product	Version
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.0
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	6.1
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	7.0.0.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
bea	weblogic_server	8.1
oracle	weblogic_portal	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9AB3C0-8783-4160-AE2D-D1E5AAAA0A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:*:express:*:*:*:*:*",
              "matchCriteriaId": "80D90123-74BA-4A70-9A10-6980BAD270B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:*:win32:*:*:*:*:*",
              "matchCriteriaId": "565CBD39-28D6-4A03-BECE-287083CE9FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BDE9282D-C32F-4D2F-81BE-75E447925A23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "14A085BB-27C9-488F-91F8-19625BF23B94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "D1A33785-23D9-4428-B746-71FD404C09E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3E6644EF-C875-4005-A628-0AED7B7BB94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "8556E775-D130-4658-AFE2-28188224ED54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "1B92BC8B-15AB-4E9A-AC2F-DD6A2F443B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDCF6AE-43DC-4AE5-9260-CA657F40BE77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "05AFBE78-C611-4EA2-8B00-5F8B61696CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*",
              "matchCriteriaId": "AC5439C1-D06F-44C6-94F5-2BD8598A506C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5DFE26B3-31F2-4FC0-854D-56EA4D08C28A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "C3B7752C-B297-480A-B3FC-948EA081670C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "E40C38EC-ECA4-4F0C-8468-16191CDB9997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "63017BF8-D681-45EC-9C31-09D029F1126D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "71892EC0-E6B1-4214-AC53-06489F711829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "C4FD8871-680E-40F9-85AB-417B5195D4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "8E0B1791-974A-4967-8CF9-33BE8183200B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "696F52AE-FEB9-4090-872E-FDFD969F5604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*",
              "matchCriteriaId": "2B4BC3F5-BFE8-4834-B427-B6260D5B7A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "7B12A8B1-F78E-46B3-8872-4C6484345477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "DCED03B6-7565-4F53-8D85-F3391BF66988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*",
              "matchCriteriaId": "D2FE768F-363B-49BC-8410-739B164FB32E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "CB2FB0E9-3812-49C5-94F4-3B39D5BE2EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
              "matchCriteriaId": "B70F0353-635F-465B-A7E5-AF2D017AB008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*",
              "matchCriteriaId": "D3DA28D0-18CC-4F99-AABB-EC7863CBD455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "6B091903-943F-4822-9F24-9D109B2D76A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*",
              "matchCriteriaId": "CE1D6EE4-8545-4D0A-A50B-C8009F054DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
              "matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
              "matchCriteriaId": "8DEDDAF2-555D-4425-B4B6-65B1E9C21FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "BBDB9094-78E8-4CBF-9F5F-321D5174F1EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "9CD2BB36-AC0B-48E9-91E1-A4465896E87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "6FB8930F-C6D8-40B9-8D08-751F5B47229B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "A5C59B80-279B-45B3-9CC1-5A263681025B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "893D9D88-43C4-4F9F-A364-0585DE6FA9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "D59F9859-7344-43F0-9348-E57FABB9E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
              "matchCriteriaId": "D2D05BAB-AB3B-466E-8301-01A41644DE77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D34E2925-DE2A-437F-B349-BD7103F4C37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "0A4EC87D-EF83-48C5-B516-A6A482D9F525",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
              "matchCriteriaId": "935F28E3-9799-4EF6-AB83-62E9C214DD0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "16E3F943-D920-4C0A-8545-5CF7D792011F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*",
              "matchCriteriaId": "6BBA04D4-BA2E-4495-85DE-38918A878012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*",
              "matchCriteriaId": "6C444DA3-69E3-4465-9173-85966B1162A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "25C711BB-E7E0-41D8-985E-5DD386C54637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
              "matchCriteriaId": "38EFE72C-10E5-4EED-B016-D914FA52DE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "32E8797D-1B62-4480-A79D-0345E65699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "071FAD20-D502-4634-852A-4CD06FE8E114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "97E6F518-D320-4655-B698-2D1A82CA3EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2FC1486C-6AC4-44F7-9015-40FD4A341C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "AB5909DB-B2E2-4358-9D45-C225C6B02360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "04C3F96B-A1FF-4E3E-B059-366E176E5E19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5485722F-5DE4-4CD4-865F-32585537F523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "BCB01060-2C29-4F75-8D0A-74F62E9F0A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "3CCEDE54-97F3-457A-9886-5BD91C9AED2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "2269D44C-65EA-4ED0-9F03-A32AC5D44EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*",
              "matchCriteriaId": "A3DFE048-905E-4890-809D-F6BCEF7F83C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6F5B2A06-CE19-4A57-9566-09FC1E259CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "F7560131-A6AC-4BBB-AA2D-C7C63AB51226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "349036A0-B5E2-4656-8D2D-26BEE9EF9DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "893C2387-03E3-4F8E-9029-BC64C64239EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "D00633D1-4B38-48D9-B5CD-E8D66EA90599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "9429D939-FCC4-4BA7-90C4-BBEECE7309D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "55661356-58E0-49D3-9C79-B4BB5EBE24CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*",
              "matchCriteriaId": "1A1A59C0-31BB-4EE9-90C1-3289C94F690E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "0653ACAC-B0D9-4381-AB23-11D24852A414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "107C2FC6-BC60-4817-8A21-14C81DA6DEF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*",
              "matchCriteriaId": "209CDA09-CAB2-481D-8DA0-161B670335E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_portal:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A220FA9-69A3-4857-A73D-287FDF0E68A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password."
    }
  ],
  "id": "CVE-2005-1747",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-24T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://dev2dev.bea.com/pub/advisory/130"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15486"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014049"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/13717"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/0607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://dev2dev.bea.com/pub/advisory/130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/15486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/13717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/0607"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9H5J-CJ9R-XXCP

Vulnerability from github – Published: 2022-05-01 02:01 – Updated: 2022-05-01 02:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-1747"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-05-24T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.",
  "id": "GHSA-9h5j-cj9r-xxcp",
  "modified": "2022-05-01T02:01:37Z",
  "published": "2022-05-01T02:01:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-1747"
    },
    {
      "type": "WEB",
      "url": "http://dev2dev.bea.com/pub/advisory/130"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/15486"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1014049"
    },
    {
      "type": "WEB",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/13717"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/0607"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2005-1747

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2005-1747

Aliases

CVE-2005-1747

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-1747",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.",
    "id": "GSD-2005-1747"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-1747"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.",
      "id": "GSD-2005-1747",
      "modified": "2023-12-13T01:20:11.167245Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-1747",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html",
            "refsource": "MISC",
            "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
          },
          {
            "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2"
          },
          {
            "name": "BEA05-80.00",
            "refsource": "BEA",
            "url": "http://dev2dev.bea.com/pub/advisory/130"
          },
          {
            "name": "15486",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/15486"
          },
          {
            "name": "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2"
          },
          {
            "name": "1014049",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1014049"
          },
          {
            "name": "ADV-2005-0607",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/0607"
          },
          {
            "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2"
          },
          {
            "name": "13717",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/13717"
          },
          {
            "name": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html",
            "refsource": "MISC",
            "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
          },
          {
            "name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt",
            "refsource": "MISC",
            "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
          },
          {
            "name": "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2"
          },
          {
            "name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt",
            "refsource": "MISC",
            "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_portal:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.0:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1747"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "BEA05-80.00",
              "refsource": "BEA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/130"
            },
            {
              "name": "13717",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/13717"
            },
            {
              "name": "15486",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/15486"
            },
            {
              "name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
            },
            {
              "name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
            },
            {
              "name": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
            },
            {
              "name": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
            },
            {
              "name": "1014049",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1014049"
            },
            {
              "name": "ADV-2005-0607",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/0607"
            },
            {
              "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=111695844803328\u0026w=2"
            },
            {
              "name": "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=111722380313416\u0026w=2"
            },
            {
              "name": "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=111722298705561\u0026w=2"
            },
            {
              "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=111695921212456\u0026w=2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:26Z",
      "publishedDate": "2005-05-24T04:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-1747 (GCVE-0-2005-1747)

FKIE_CVE-2005-1747

GHSA-9H5J-CJ9R-XXCP

GSD-2005-1747

Tags

Sightings

Nomenclature