{"api_version":"1","generated_at":"2026-04-23T08:38:27+00:00","cve":"CVE-2007-2705","urls":{"html":"https://cve.report/CVE-2007-2705","api":"https://cve.report/api/cve/CVE-2007-2705.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2705","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2705"},"summary":{"title":"CVE-2007-2705","description":"Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-05-16 01:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://dev2dev.bea.com/pub/advisory/239","name":"http://dev2dev.bea.com/pub/advisory/239","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Exposure of filenames in development mode","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34281","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34281","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/36063","name":"http://osvdb.org/36063","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1018059","name":"http://www.securitytracker.com/id?1018059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"BEA WebLogic Integration Directory Traversal Bug Lets Remote Users List Certain Directories - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1815","name":"http://www.vupen.com/english/advisories/2007/1815","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2705","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2705","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_integration","cpe6":"9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_workshop","cpe6":"8.1","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_workshop","cpe6":"8.1","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_workshop","cpe6":"8.1","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_workshop","cpe6":"8.1","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_workshop","cpe6":"8.1","cpe7":"sp6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:49:57.112Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1018059","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018059"},{"name":"36063","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/36063"},{"name":"ADV-2007-1815","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1815"},{"name":"BEA07-170.00","tags":["vendor-advisory","x_refsource_BEA","x_transferred"],"url":"http://dev2dev.bea.com/pub/advisory/239"},{"name":"weblogic-testview-directory-traversal(34281)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34281"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1018059","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018059"},{"name":"36063","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/36063"},{"name":"ADV-2007-1815","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1815"},{"name":"BEA07-170.00","tags":["vendor-advisory","x_refsource_BEA"],"url":"http://dev2dev.bea.com/pub/advisory/239"},{"name":"weblogic-testview-directory-traversal(34281)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34281"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2705","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1018059","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018059"},{"name":"36063","refsource":"OSVDB","url":"http://osvdb.org/36063"},{"name":"ADV-2007-1815","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1815"},{"name":"BEA07-170.00","refsource":"BEA","url":"http://dev2dev.bea.com/pub/advisory/239"},{"name":"weblogic-testview-directory-traversal(34281)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34281"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2705","datePublished":"2007-05-16T01:00:00.000Z","dateReserved":"2007-05-15T00:00:00.000Z","dateUpdated":"2024-08-07T13:49:57.112Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-16 01:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_integration:9.2:*:*:*:*:*:*:*","matchCriteriaId":"C64003CF-C562-491A-8430-B8D40CEC528C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_workshop:8.1:sp2:*:*:*:*:*:*","matchCriteriaId":"AD6F9694-259F-4631-BC93-B1136F08E77E"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_workshop:8.1:sp3:*:*:*:*:*:*","matchCriteriaId":"77624161-7740-4162-9C83-C0DFEA2BBCCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_workshop:8.1:sp4:*:*:*:*:*:*","matchCriteriaId":"E785D039-3426-4C1F-BBA8-7C6D32FB141E"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_workshop:8.1:sp5:*:*:*:*:*:*","matchCriteriaId":"D4B2A474-B6C4-47B6-8B20-8722A8C25238"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_workshop:8.1:sp6:*:*:*:*:*:*","matchCriteriaId":"2FDBD7AF-51AC-48B9-A465-0C13B9230EE3"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2705","Ordinal":"1","Title":"CVE-2007-2705","CVE":"CVE-2007-2705","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2705","Ordinal":"1","NoteData":"Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when \"deployed in an exploded format,\" allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.","Type":"Description","Title":"CVE-2007-2705"},{"CveYear":"2007","CveId":"2705","Ordinal":"2","NoteData":"2007-05-15","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2705","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}