PT-2005-2716 · Bea · Weblogic Express
Published: 2005-05-24 · Updated: 2024-02-08 · CVE-2005-1744
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 7.0 through Service Pack 5
Description
The issue allows users to continue accessing an application without having to log in again after the application is redeployed. This may violate newly changed security constraints or role mappings.
Recommendations
For versions 7.0 through Service Pack 5, consider implementing a manual logout mechanism for users when an application is redeployed to enforce new security constraints or role mappings.
Affected Products
Weblogic Express
Oracle Weblogic Server