Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4760

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-4760
Last Modified 05 Sep 2008 04:57:44
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-4760

Summary

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."

Vulnerable Systems

Application

  • Bea Weblogic Server 7.0

  • Bea Weblogic Server 8.1


References

BEA - BEA05-97.00

BID - 15052

SECUNIA - 17138


Last Updated: 27 May 2016 10:41:25