{"api_version":"1","generated_at":"2026-04-23T05:14:07+00:00","cve":"CVE-2007-6384","urls":{"html":"https://cve.report/CVE-2007-6384","api":"https://cve.report/api/cve/CVE-2007-6384.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-6384","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-6384"},"summary":{"title":"CVE-2007-6384","description":"Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-12-15 02:46:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-287","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://osvdb.org/41880","name":"http://osvdb.org/41880","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39005","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39005","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://dev2dev.bea.com/pub/advisory/255","name":"http://dev2dev.bea.com/pub/advisory/255","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Oracle Fusion Middleware Technologies","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4204","name":"http://www.vupen.com/english/advisories/2007/4204","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019091","name":"http://www.securitytracker.com/id?1019091","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"WebLogic Mobility Server Image Converter Lets Remote Users Access Resources - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28078","name":"http://secunia.com/advisories/28078","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"BEA WebLogic Mobility Server Image Converter Security Bypass - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-6384","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6384","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"6384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_mobility_server","cpe6":"3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_mobility_server","cpe6":"3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_mobility_server","cpe6":"3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6384","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_mobility_server","cpe6":"3.6","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:02:36.690Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"BEA07-182.00","tags":["vendor-advisory","x_refsource_BEA","x_transferred"],"url":"http://dev2dev.bea.com/pub/advisory/255"},{"name":"ADV-2007-4204","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/4204"},{"name":"weblogic-imageconverter-info-disclosure(39005)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39005"},{"name":"41880","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/41880"},{"name":"28078","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28078"},{"name":"1019091","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019091"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-12-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"BEA07-182.00","tags":["vendor-advisory","x_refsource_BEA"],"url":"http://dev2dev.bea.com/pub/advisory/255"},{"name":"ADV-2007-4204","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/4204"},{"name":"weblogic-imageconverter-info-disclosure(39005)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39005"},{"name":"41880","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/41880"},{"name":"28078","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28078"},{"name":"1019091","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019091"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-6384","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"BEA07-182.00","refsource":"BEA","url":"http://dev2dev.bea.com/pub/advisory/255"},{"name":"ADV-2007-4204","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/4204"},{"name":"weblogic-imageconverter-info-disclosure(39005)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39005"},{"name":"41880","refsource":"OSVDB","url":"http://osvdb.org/41880"},{"name":"28078","refsource":"SECUNIA","url":"http://secunia.com/advisories/28078"},{"name":"1019091","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019091"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-6384","datePublished":"2007-12-15T02:00:00.000Z","dateReserved":"2007-12-14T00:00:00.000Z","dateUpdated":"2024-08-07T16:02:36.690Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-12-15 02:46:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-287","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_mobility_server:3.3:*:*:*:*:*:*:*","matchCriteriaId":"5A888C92-98AB-4364-8096-38E0601206B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_mobility_server:3.5:*:*:*:*:*:*:*","matchCriteriaId":"F67944AC-7E54-49EC-896F-BCDB0A6F5089"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_mobility_server:3.6:*:*:*:*:*:*:*","matchCriteriaId":"75B86EF7-9EDE-494B-A8CE-A07E97CFE215"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_mobility_server:3.6:sp1:*:*:*:*:*:*","matchCriteriaId":"19062190-0250-41AE-9B29-C8F4C497F06B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"6384","Ordinal":"1","Title":"CVE-2007-6384","CVE":"CVE-2007-6384","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"6384","Ordinal":"1","NoteData":"Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.","Type":"Description","Title":"CVE-2007-6384"},{"CveYear":"2007","CveId":"6384","Ordinal":"2","NoteData":"2007-12-14","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"6384","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}