PT-2002-2858 · Bea · Bea Weblogic Express+1

Published: 2002-12-31 · Updated: 2008-09-10 · CVE-2002-2141

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: BEA WebLogic Server and Express versions 7.0 through 7.0.0.1

Description: The issue affects the security constraints and roles applied to Servlets and Enterprise JavaBeans (EJB) when an application runs on multiple servers. If the application is undeployed on one server, the security constraints and roles for the affected Servlets or EJB are removed on all servers, not only the one where the undeployment took place. Instances of the application still running on the other servers are therefore left without their access controls, potentially allowing remote attackers to conduct unauthorized activities.

Recommendations: For BEA WebLogic Server and Express versions 7.0 through 7.0.0.1, redeploy the application with the intended security constraints and roles to restore access control, and verify on every server that the constraints are in effect again after any undeployment. As a temporary workaround, restrict access to the affected Servlets and EJB until a proper fix can be applied.


Related Identifiers

CVE-2002-2141

Affected Products

Bea Weblogic Express
Bea Weblogic Server