CVE-2003-1290

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1290
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	8.1	8.1.x
bea / weblogic_server	8.1-sp4	8.1-sp4.x
bea / weblogic_server	7.0-sp2	7.0-sp2.x
bea / weblogic_server	7.0.0.1-sp4	7.0.0.1-sp4.x
bea / weblogic_server	6.1-sp4	6.1-sp4.x
bea / weblogic_server	6.1-sp5	6.1-sp5.x
bea / weblogic_server	6.0-sp1	6.0-sp1.x
bea / weblogic_server	6.1-sp6	6.1-sp6.x
bea / weblogic_server	7.0-sp4	7.0-sp4.x
bea / weblogic_server	6.0-sp2	6.0-sp2.x
bea / weblogic_server	7.0.0.1	7.0.0.1.x
bea / weblogic_server	7.0-sp3	7.0-sp3.x
bea / weblogic_server	8.1-sp3	8.1-sp3.x
bea / weblogic_server	6.0	6.0.x
bea / weblogic_server	6.1-sp2	6.1-sp2.x
bea / weblogic_server	6.1-sp1	6.1-sp1.x
bea / weblogic_server	8.1-sp1	8.1-sp1.x
bea / weblogic_server	7.0.0.1-sp1	7.0.0.1-sp1.x
bea / weblogic_server	6.1-sp3	6.1-sp3.x
bea / weblogic_server	7.0.0.1-sp3	7.0.0.1-sp3.x
bea / weblogic_server	7.0.0.1-sp2	7.0.0.1-sp2.x
bea / weblogic_server	7.0-sp1	7.0-sp1.x
bea / weblogic_server	7.0-sp5	7.0-sp5.x
bea / weblogic_server	8.1-sp2	8.1-sp2.x
bea / weblogic_server	6.1	6.1.x
bea / weblogic_server	7.0	7.0.x

Vulnerability Database

289,599

CVE-2003-1290