Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0470
Last Modified 05 Sep 2008 04:38:30
Published 07 Jul 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0470

Summary

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.

Vulnerable Systems

Application

  • BEA WebLogic Server 7.0

  • BEA WebLogic Server 8.1


References

CERT-VN - VU#950070

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp

XF - weblogic-application-unauth-access(16123)

BID - 10328

OSVDB - 6076

SECTRACK - 1010128

SECUNIA - 11593


Last Updated: 27 May 2016 10:38:37