CVE-2007-2699 Information

Description

The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.

Reference

http://dev2dev.bea.com/pub/advisory/231
http://osvdb.org/36069
http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html
http://secunia.com/advisories/25284
http://securitytracker.com/id?1018057
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34289
