Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.1
CVE Id: CVE-2004-0471
Last Modified: 05 Sep 2008 04:38:30
Published: 07 Jul 2004 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2004-0471

Summary

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 do not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).

Vulnerable Systems

Application

  • BEA WebLogic Server 7.0

  • BEA WebLogic Server 8.1


References

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp

XF - weblogic-server-policy-bypass(16121)

BID - 10327

OSVDB - 6077

SECTRACK - 1010129

SECUNIA - 11594


Last Updated: 27 May 2016 10:38:37