Oracle WebLogic UDDI Explorer Server-Side Request Forgery

medium Web App Scanning Plugin ID 112422




Description

The Oracle WebLogic UDDI Explorer service in Oracle Fusion Middleware versions 10.0.2 and 10.3.6 is affected by a server-side request forgery vulnerability due to the lack of validation of the operator parameter in the SearchPublicRegistries.jsp page. A remote and unauthenticated attacker can exploit this issue to retrieve sensitive information and conduct port scanning on the target application and its internal network.


Solution

Apply the Oracle Critical Patch Update from July 2014. As an immediate workaround, restrict or disable Oracle WebLogic UDDI Explorer.
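To check whether the page described above has already been abused, access logs can be reviewed for SearchPublicRegistries.jsp requests whose operator parameter names an internal address, or for one client cycling through many targets. The following is an added example, not part of the plugin or of Oracle's guidance; the log format, the "/app/" path prefix, the threshold and all function names are assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines: client IP, quoted request line, status.
# The "/app/" path prefix is a placeholder, not taken from the advisory.
SAMPLE_LOG = """\
198.51.100.7 "GET /app/SearchPublicRegistries.jsp?operator=http%3A%2F%2F10.0.0.5%3A22 HTTP/1.1" 200
198.51.100.7 "GET /app/SearchPublicRegistries.jsp?operator=http%3A%2F%2F10.0.0.5%3A80 HTTP/1.1" 200
198.51.100.7 "GET /app/SearchPublicRegistries.jsp?operator=http%3A%2F%2F127.0.0.1%3A7001 HTTP/1.1" 200
203.0.113.9 "GET /app/SearchPublicRegistries.jsp?operator=http%3A%2F%2Fregistry.example.com%2Finquire HTTP/1.1" 200
203.0.113.9 "GET /app/index.jsp HTTP/1.1" 200
"""

def operator_target(request_target):
    """(host, port) named by the operator parameter, or None for other requests."""
    parts = urlsplit(request_target)
    values = parse_qs(parts.query).get("operator")
    if not parts.path.endswith("/SearchPublicRegistries.jsp") or not values:
        return None
    try:
        op = urlsplit(values[0])
        return (op.hostname or "", op.port)
    except ValueError:  # malformed host or port in the operator URL
        return ("", None)

def is_internal(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a hostname, not an IP literal
        return host == "localhost"
    return ip.is_private or ip.is_loopback or ip.is_link_local

def review(log_text, scan_threshold=3):
    """Return (requests aimed at internal hosts, clients probing many targets)."""
    internal_hits, targets = [], defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split('"')
        request = fields[1].split() if len(fields) >= 3 else []
        target = operator_target(request[1]) if len(request) >= 2 else None
        if target is None:
            continue
        client = fields[0].strip()
        targets[client].add(target)
        if is_internal(target[0]):
            internal_hits.append((client, target))
    scanners = sorted(c for c, t in targets.items() if len(t) >= scan_threshold)
    return internal_hits, scanners

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Hostnames that resolve to internal addresses are not caught by the IP-literal check, so the per-client target count is the more reliable signal for the port-scanning case.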


Plugin Details

Severity: Medium

ID: 112422

Type: remote

Published: 5/28/2020

Updated: 9/7/2021

Scan Template: api, basic, full, pci, scan

Risk Information


Risk Factor: Low

Score: 2.2


Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-4210


Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: CVE-2014-4210

Vulnerability Information

CPE: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2014-4210

BID: 68629