PT-2004-1591 · Bea · Bea Weblogic Server

Published: 2004-05-20 · Updated: 2017-07-11 · CVE-2004-0471

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server and WebLogic Express versions 7.0 through SP5
BEA WebLogic Server and WebLogic Express versions 8.1 through SP2

Description

The issue allows unauthorized users to cause a denial of service by shutting down the service, as it does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles.

Recommendations

For versions 7.0 through SP5, restrict access to server management functions to prevent unauthorized shutdowns. For versions 8.1 through SP2, limit the privileges of users in the Admin and Operator security roles to prevent service shutdown.

Fix

Related Identifiers

CVE-2004-0471

Affected Products

Bea Weblogic Server
Weblogic Express