Lucene search

[email protected]CVE-2004-0471

HistoryJul 07, 2004 - 4:00 a.m.

CVE-2004-0471

2004-07-0704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0471

bea weblogic server

weblogic express

denial of service

service shutdown

security roles

unauthorized access

7.2 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

24.8%

JSON

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	7.0

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp

secunia.com/advisories/11594

securitytracker.com/id?1010129

www.osvdb.org/6077

www.securityfocus.com/bid/10327

exchange.xforce.ibmcloud.com/vulnerabilities/16121

7.2 High

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for CVE-2004-0471

cvelist1