PT-2005-2714 · Bea · Weblogic Express+1
Published
2005-05-24
·
Updated
2018-10-30
·
CVE-2005-1742
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 8.1 SP2 through 8.1 SP3
Description
The issue allows users with the Monitor security role to shrink or reset JDBC connection pools.
Recommendations
For versions 8.1 SP2 and 8.1 SP3, consider restricting the Monitor security role to prevent unauthorized access to JDBC connection pools.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Weblogic Express
Oracle Weblogic Server