Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.5
CVE Id CVE-2004-2696
Last Modified 05 Sep 2008 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2004-2696

Summary

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), do not properly handle multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.

Vulnerable Systems

Application

  • Bea Weblogic Server 6.1

  • Bea Weblogic Server 7.0

  • Bea Weblogic Server 7.0.0.1

  • Bea Weblogic Server 8.1


References

XF - weblogic-unexpected-user-identity(16421)

BID - 10545

OSVDB - 7081

SECTRACK - 1010493

SECUNIA - 11865

BEA - BEA04-62.00


Last Updated: 27 May 2016 10:39:35