Lucene search

[email protected]CVE-2004-0652

HistoryAug 06, 2004 - 4:00 a.m.

CVE-2004-0652

2004-08-0604:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0652

bea weblogic server

bea weblogic express

information security

access control

authorization vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.0%

JSON

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.

Affected configurations

NVD

Node

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0express

beaweblogic_serverMatch7.0win32

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp1express

beaweblogic_serverMatch7.0sp1win32

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp2express

beaweblogic_serverMatch7.0sp2win32

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp3express

beaweblogic_serverMatch7.0sp3win32

beaweblogic_serverMatch7.0sp4

beaweblogic_serverMatch7.0sp4express

beaweblogic_serverMatch7.0sp4win32

beaweblogic_serverMatch7.0.0.1

beaweblogic_serverMatch7.0.0.1express

beaweblogic_serverMatch7.0.0.1win32

beaweblogic_serverMatch7.0.0.1sp1

beaweblogic_serverMatch7.0.0.1sp1express

beaweblogic_serverMatch7.0.0.1sp1win32

beaweblogic_serverMatch7.0.0.1sp2

beaweblogic_serverMatch7.0.0.1sp2express

beaweblogic_serverMatch7.0.0.1sp2win32

beaweblogic_serverMatch7.0.0.1sp3

beaweblogic_serverMatch7.0.0.1sp3express

beaweblogic_serverMatch7.0.0.1sp4

beaweblogic_serverMatch7.0.0.1sp4express

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1win32

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp1win32

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp2win32

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq7.0.0.1
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	7.0.0.1
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp

secunia.com/advisories/11359

securitytracker.com/id?1009766

www.kb.cert.org/vuls/id/352110

www.osvdb.org/5296

www.securityfocus.com/bid/10133

exchange.xforce.ibmcloud.com/vulnerabilities/15865

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.0%

JSON

Related for CVE-2004-0652

cvelist1 nvd1