Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2004-0715
Last Modified 05 Sep 2008 04:39:12
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

Summary

The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted. As a result, a new group created with the same name can have the members of the old group, which allows those group members to gain privileges.

Vulnerable Systems

Application

  • BEA WebLogic Server 7.0
  • BEA WebLogic Server 8.1

References

CERT-VN - VU#470470

BID - 10130

XF - weblogic-authentication-gain-privileges(15861)

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp

OSVDB - 5299

SECTRACK - 1009763

SECUNIA - 11356


Last Updated: 27 May 2016 10:38:43