BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Bea
  • Weblogic Server

Configuration 1 [-]

OR cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:sp7:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:sp6:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*
References
Link Resource
http://dev2dev.bea.com/pub/advisory/183 Patch Vendor Advisory
http://secunia.com/advisories/19310 Vendor Advisory
http://securitytracker.com/id?1015790
http://www.securityfocus.com/bid/17167
http://www.vupen.com/english/advisories/2006/1021
https://exchange.xforce.ibmcloud.com/vulnerabilities/25348
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-22T01:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-03-21T00:00:00

Link: CVE-2006-1352

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-03-22T01:02:00.000

Modified: 2017-07-20T01:30:31.253

Link: CVE-2006-1352

JSON object: View

cve-icon Redhat Information

No data.

CWE