Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2004-0713
Last Modified: 05 Sep 2008 04:39:11
Published: 27 Jul 2004 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0713

Summary

The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.

Vulnerable Systems

Application

  • BEA WebLogic Server 6.1
  • BEA WebLogic Server 7.0
  • BEA WebLogic Server 8.1

References

CERT-VN - VU#658878

BID - 10185

XF - weblogic-ejb-object-deletion(15928)

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_57.00.jsp


Last Updated: 27 May 2016 10:38:43