PT-2004-1793 · Bea · Weblogic Express+1
Publicado
2004-07-21
·
Atualizado
2017-07-11
·
CVE-2004-0713
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 6.1 through SP6
BEA WebLogic Server and WebLogic Express versions 7.0 through SP4
BEA WebLogic Server and WebLogic Express versions 8.1 through SP2
Description
The issue is related to the remove method in a stateful Enterprise JavaBean (EJB) which does not properly check EJB permissions before unexporting a bean. This allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
Recommendations
For BEA WebLogic Server and WebLogic Express versions 6.1 through SP6, update to a version that includes the security fix.
For BEA WebLogic Server and WebLogic Express versions 7.0 through SP4, update to a version that includes the security fix.
For BEA WebLogic Server and WebLogic Express versions 8.1 through SP2, update to a version that includes the security fix.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Bea Weblogic Server
Weblogic Express