PT-2004-1591 · Bea · Bea Weblogic Server+1

Published: 2004-05-20 · Updated: 2017-07-11 · CVE-2004-0471

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server and WebLogic Express versions 7.0 through SP5
BEA WebLogic Server and WebLogic Express versions 8.1 through SP2

Description

The issue allows unauthorized users to cause a denial of service by shutting down the service, because the server does not enforce site restrictions on starting and stopping servers for users in the Admin and Operator security roles.

Recommendations

For versions 7.0 through SP5, restrict access to server management functions to prevent unauthorized shutdowns. For versions 8.1 through SP2, limit the privileges of users in the Admin and Operator security roles to prevent service shutdown.

Fix


Related identifiers

CVE-2004-0471

Affected products

Bea Weblogic Server
Weblogic Express