NVD脆弱性詳細

CVE-2005-1747

概要	Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
公表日	2005年5月24日13:00
登録日	2021年1月29日17:58
最終更新日	2018年10月31日1:26

CVSS2.0 : MEDIUM
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:bea:weblogic_server:6.0:::::::*
cpe:2.3:a:bea:weblogic_server:6.0::express:::::
cpe:2.3:a:bea:weblogic_server:6.0::win32:::::
cpe:2.3:a:bea:weblogic_server:6.0:sp1::::::
cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.0:sp2::::::
cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:::::::*
cpe:2.3:a:bea:weblogic_server:6.1::express:::::
cpe:2.3:a:bea:weblogic_server:6.1::win32:::::
cpe:2.3:a:bea:weblogic_server:6.1:sp1::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp2::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp3::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp4::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp5::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp6::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:::::::*
cpe:2.3:a:bea:weblogic_server:7.0::express:::::
cpe:2.3:a:bea:weblogic_server:7.0::win32:::::
cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp5::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:::::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1::express:::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1::win32:::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1::::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2::::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3::::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4::::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:::::::*
cpe:2.3:a:bea:weblogic_server:8.1::express:::::
cpe:2.3:a:bea:weblogic_server:8.1::win32:::::
cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp3::::::
cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp4::::::
cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:::::*
cpe:2.3:a:oracle:weblogic_portal:8.0:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:bea:weblogic_server:6.0:::::::*
cpe:2.3:a:bea:weblogic_server:6.0::express:::::
cpe:2.3:a:bea:weblogic_server:6.0::win32:::::
cpe:2.3:a:bea:weblogic_server:6.0:sp1::::::
cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.0:sp2::::::
cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:::::::*
cpe:2.3:a:bea:weblogic_server:6.1::express:::::
cpe:2.3:a:bea:weblogic_server:6.1::win32:::::
cpe:2.3:a:bea:weblogic_server:6.1:sp1::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp2::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp3::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp4::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp5::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:::::*
cpe:2.3:a:bea:weblogic_server:6.1:sp6::::::
cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:::::::*
cpe:2.3:a:bea:weblogic_server:7.0::express:::::
cpe:2.3:a:bea:weblogic_server:7.0::win32:::::
cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp5::::::
cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:::::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1::express:::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1::win32:::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1::::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2::::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3::::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:::::*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4::::::
cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:::::::*
cpe:2.3:a:bea:weblogic_server:8.1::express:::::
cpe:2.3:a:bea:weblogic_server:8.1::win32:::::
cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp3::::::
cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp4::::::
cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:::::*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:::::*
cpe:2.3:a:oracle:weblogic_portal:8.0:::::::*

No	URL	refsource	タグ
1	http://dev2dev.bea.com/pub/advisory/130	BEA	Vendor Advisory
2	http://marc.info/?l=bugtraq&m=111695844803328&w=2	BUGTRAQ
3	http://marc.info/?l=bugtraq&m=111695921212456&w=2	BUGTRAQ
4	http://marc.info/?l=bugtraq&m=111722298705561&w=2	BUGTRAQ
5	http://marc.info/?l=bugtraq&m=111722380313416&w=2	BUGTRAQ
6	http://secunia.com/advisories/15486	SECUNIA	Vendor Advisory
7	http://securitytracker.com/id?1014049	SECTRACK
8	http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt	MISC
9	http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt	MISC
10	http://www.appsecinc.com/resources/alerts/general/BEA-001.html	MISC
11	http://www.appsecinc.com/resources/alerts/general/BEA-002.html	MISC
12	http://www.securityfocus.com/bid/13717	BID
13	http://www.vupen.com/english/advisories/2005/0607	VUPEN