CVE-2002-2177

Sažetak

BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.

Reference

http://dev2dev.bea.com/pub/advisory/38
http://www.iss.net/security_center/static/10221.php
http://www.securityfocus.com/bid/5819

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

10-09-2008 - 19:16

Objavljeno

31-12-2002 - 05:00