Description
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
Product(s):
- BEA Systems Liquid Data 1.1
- BEA Systems WebLogic Integration 2.0
- BEA Systems WebLogic Integration 7.0
- BEA Systems WebLogic Server 5.1
- BEA Systems WebLogic Server 5.1 SP10
- BEA Systems WebLogic Express 5.1 SP10
- BEA Systems WebLogic Server 5.1 SP10 Win32
- BEA Systems WebLogic Server 5.1 SP11
- BEA Systems WebLogic Express 5.1 SP11
- BEA Systems WebLogic Server 5.1 SP11 Win32
- BEA Systems WebLogic Server 5.1 SP12
- BEA Systems WebLogic Express 5.1 SP12
- BEA Systems WebLogic Server 5.1 SP12 Win32
- BEA Systems WebLogic Server 5.1 SP13
- BEA Systems WebLogic Express 5.1 SP13
- BEA Systems WebLogic Server 5.1 SP13 Win32
- BEA Systems WebLogic Server 5.1 SP1
- BEA Systems WebLogic Express 5.1 SP1
- BEA Systems WebLogic Server 5.1 SP1 Win32
- BEA Systems WebLogic Server 5.1 SP2
- BEA Systems WebLogic Express 5.1 SP2
- BEA Systems WebLogic Server 5.1 SP2 Win32
- BEA Systems WebLogic Server 5.1 SP3
- BEA Systems WebLogic Express 5.1 SP3
- BEA Systems WebLogic Server 5.1 SP3 Win32
- BEA Systems WebLogic Server 5.1 SP4
- BEA Systems WebLogic Express 5.1 SP4
- BEA Systems WebLogic Server 5.1 SP4 Win32
- BEA Systems WebLogic Server 5.1 SP5
- BEA Systems WebLogic Express 5.1 SP5
- BEA Systems WebLogic Server 5.1 SP5 Win32
- BEA Systems WebLogic Server 5.1 SP6
- BEA Systems WebLogic Express 5.1 SP6
- BEA Systems WebLogic Server 5.1 SP6 Win32
- BEA Systems WebLogic Server 5.1 SP7
- BEA Systems WebLogic Express 5.1 SP7
- BEA Systems WebLogic Server 5.1 SP7 Win32
- BEA Systems WebLogic Server 5.1 SP8
- BEA Systems WebLogic Express 5.1 SP8
- BEA Systems WebLogic Server 5.1 SP8 Win32
- BEA Systems WebLogic Server 5.1 SP9
- BEA Systems WebLogic Express 5.1 SP9
- BEA Systems WebLogic Server 5.1 SP9 Win32
- BEA WebLogic Server 7.0 Express Edition
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0733, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0733 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.