CVE-2004-0715

The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
http://secunia.com/advisories/11356
http://securitytracker.com/id?1009763
http://www.kb.cert.org/vuls/id/470470	Third Party Advisory US Government Resource
http://www.osvdb.org/5299
http://www.securityfocus.com/bid/10130	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15861
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
http://secunia.com/advisories/11356
http://securitytracker.com/id?1009763
http://www.kb.cert.org/vuls/id/470470	Third Party Advisory US Government Resource
http://www.osvdb.org/5299
http://www.securityfocus.com/bid/10130	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15861

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server:7.0:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0::express:::::
	cpe:2.3:a:bea:weblogic_server:7.0::win32:::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:::::::*
	cpe:2.3:a:bea:weblogic_server:8.1::express:::::
	cpe:2.3:a:bea:weblogic_server:8.1::win32:::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::*

History

20 Nov 2024, 23:49

Type	Values Removed	Values Added
References	~~() http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp -~~	() http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp -
References	~~() http://secunia.com/advisories/11356 -~~	() http://secunia.com/advisories/11356 -
References	~~() http://securitytracker.com/id?1009763 -~~	() http://securitytracker.com/id?1009763 -
References	~~() http://www.kb.cert.org/vuls/id/470470 - Third Party Advisory, US Government Resource~~	() http://www.kb.cert.org/vuls/id/470470 - Third Party Advisory, US Government Resource
References	~~() http://www.osvdb.org/5299 -~~	() http://www.osvdb.org/5299 -
References	~~() http://www.securityfocus.com/bid/10130 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/10130 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/15861 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/15861 -

Information

Published : 2004-07-27 04:00

Updated : 2024-11-20 23:49

NVD link : CVE-2004-0715

Mitre link : CVE-2004-0715

CVE.ORG link : CVE-2004-0715

JSON object : View

Products Affected

bea

weblogic_server

CWE

NVD-CWE-Other

5.1 /10