PT-2005-5423 · Bea · Oracle Weblogic Server+1
Published 2005-12-31 · Updated 2018-09-27 · CVE-2005-4760
CVSS v2.0: 5.1 (Medium)
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 8.1 SP3 and earlier
BEA WebLogic Server and WebLogic Express versions 7.0 SP5 and earlier
Description
The issue occurs when fullyDelegatedAuthorization is enabled for a servlet. In such cases, failures in authorization or role providers do not cause servlet deployment to fail, which might prevent the servlet from being fully protected.
Recommendations
For versions 8.1 SP3 and earlier, ensure that servlet deployment fails when authorization or role provider failures occur to maintain full protection.
For versions 7.0 SP5 and earlier, consider implementing additional security measures to compensate for the potential lack of full protection due to the issue with fullyDelegatedAuthorization.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related identifiers
Affected products
Weblogic Express
Oracle Weblogic Server