CVE-2003-0622

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.

Published: Dec 1, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0622
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / tuxedo	8.0	8.0.x
bea / tuxedo	7.1	7.1.x
bea / weblogic_server	4.2	4.2.x
bea / tuxedo	6.5	6.5.x
bea / weblogic_server	5.1	5.1.x
bea / tuxedo	6.3	6.3.x
bea / tuxedo	6.4	6.4.x
bea / tuxedo	8.1	8.1.x
bea / weblogic_server	5.0.1	5.0.1.x

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
http://marc.info/?l=bugtraq&m=106762000607681&w=2
http://www.securityfocus.com/bid/8931
https://exchange.xforce.ibmcloud.com/vulnerabilities/13560

Vulnerability Database

289,599

CVE-2003-0622