Lucene search

[email protected]CVE-2002-2141

HistoryNov 16, 2005 - 9:17 p.m.

CVE-2002-2141

2005-11-1621:17:00

[email protected]

web.nvd.nist.gov

cve-2002-2141

bea

weblogic server

express 7.0

security constraint

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.

Affected configurations

NVD

Node

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0express

beaweblogic_serverMatch7.0.0.1

beaweblogic_serverMatch7.0.0.1express

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq7.0.0.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	7.0.0.1

References

dev2dev.bea.com/pub/advisory/39

www.iss.net/security_center/static/10291.php

www.securityfocus.com/bid/5846

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2002-2141

cvelist1 nvd1