Lucene search

[email protected]CVE-2005-1744

HistoryMay 24, 2005 - 4:00 a.m.

CVE-2005-1744

2005-05-2404:00:00

CWE-459

[email protected]

web.nvd.nist.gov

cve-2005-1744

bea weblogic server

weblogic express

redeployment

security constraints

role mappings

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

75.0%

JSON

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic serverle7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	le	7.0

References

dev2dev.bea.com/pub/advisory/127

secunia.com/advisories/15486

securitytracker.com/id?1014049

www.securityfocus.com/bid/13717

www.vupen.com/english/advisories/2005/0604

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2005-1744

nessus1