Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0652

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0652
Last Modified 05 Sep 2008 04:39:00
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0652

Summary

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.

Vulnerable Systems

Application

  • Bea Weblogic Server 7.0

  • Bea Weblogic Server 7.0.0.1

  • Bea Weblogic Server 8.1


References

CERT-VN - VU#352110

BID - 10133

XF - bea-gain-privileges(15865)

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp

OSVDB - 5296

SECTRACK - 1009766

SECUNIA - 11359


Last Updated: 27 May 2016 10:38:42