製品・ソフトウェアに関する情報

JVN脆弱性詳細

BEA WebLogic Integration の Test View Console におけるディレクトリトラバーサルの脆弱性

Title	BEA WebLogic Integration の Test View Console におけるディレクトリトラバーサルの脆弱性
Summary	BEA WebLogic Integration および WebLogic Workshop の Test View Console には、"分解形式で展開される" 際、ディレクトリトラバーサルの脆弱性が存在します。
Possible impacts	第三者により、親ディレクトリである WebLogic Workshop Directory (wlwdir) をリストアップされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 15, 2007, midnight
Registration Date	June 26, 2012, 3:46 p.m.
Last Update	June 26, 2012, 3:46 p.m.

Affected System

BEAシステムズ

weblogic integration SP1 未満の 9.2

weblogic workshop 8.1 SP2 から SP6

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2705	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2705
National Vulnerability Database (NVD)
2	CVE-2007-2705	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2705

ベンダー情報

No	Name	URL
bea
1	Top Page	http://www.oracle.com/us/corporate/acquisitions/bea/index.html

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-2705

Summary	Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
Summary	Vulnerabilidad de salto de directorio en Test View Console de BEA WebLogic Integration 9.2 anterior a SP1 y WebLogic Workshop 8.1 SP2 hasta SP6, cuando es "desplegado en formato expandido" permite a atacantes remotos listar un directorio padre de WebLogic Workshop Directory (wlwdir) a través de vectores sin especificar.
Publication Date	May 16, 2007, 10:19 a.m.
Registration Date	Jan. 29, 2021, 2:13 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:bea:weblogic_integration:9.2:::::::*
cpe:2.3:a:bea:weblogic_workshop:8.1:sp2::::::
cpe:2.3:a:bea:weblogic_workshop:8.1:sp3::::::
cpe:2.3:a:bea:weblogic_workshop:8.1:sp4::::::
cpe:2.3:a:bea:weblogic_workshop:8.1:sp5::::::
cpe:2.3:a:bea:weblogic_workshop:8.1:sp6::::::

Related information, measures and tools

No	URL	refsource
1	http://dev2dev.bea.com/pub/advisory/239	cve@mitre.org
2	http://osvdb.org/36063	cve@mitre.org
3	http://www.securitytracker.com/id?1018059	cve@mitre.org
4	http://www.vupen.com/english/advisories/2007/1815	cve@mitre.org
5	https://exchange.xforce.ibmcloud.com/vulnerabilities/34281	cve@mitre.org
6	http://dev2dev.bea.com/pub/advisory/239	af854a3a-2127-422b-91ae-364da2661108
7	http://osvdb.org/36063	af854a3a-2127-422b-91ae-364da2661108
8	http://www.securitytracker.com/id?1018059	af854a3a-2127-422b-91ae-364da2661108
9	http://www.vupen.com/english/advisories/2007/1815	af854a3a-2127-422b-91ae-364da2661108
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/34281	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:bea:weblogic_integration:9.2:::::::*
cpe:2.3:a:bea:weblogic_workshop:8.1:sp2::::::
cpe:2.3:a:bea:weblogic_workshop:8.1:sp3::::::
cpe:2.3:a:bea:weblogic_workshop:8.1:sp4::::::
cpe:2.3:a:bea:weblogic_workshop:8.1:sp5::::::
cpe:2.3:a:bea:weblogic_workshop:8.1:sp6::::::