CVE-2007-2695

high

Description

The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34282

http://www.vupen.com/english/advisories/2008/0612/references

http://www.vupen.com/english/advisories/2007/1815

http://securitytracker.com/id?1018057

http://secunia.com/advisories/29041

http://secunia.com/advisories/25284

http://osvdb.org/36074

http://dev2dev.bea.com/pub/advisory/274

http://dev2dev.bea.com/pub/advisory/227

Details

Source: Mitre, NVD

Published: 2007-05-16

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01307