| Vulnerability Name: | CVE-2002-2141 (CCN-10291) |
| Assigned: | 2002-10-01 |
| Published: | 2002-10-01 |
| Updated: | 2008-09-10 |
| Summary: | BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Configuration |
| References: | Source: MITRE Type: CNA CVE-2002-2141; Source: BEA Type: UNKNOWN BEA02-21.00; Source: XF Type: UNKNOWN weblogic-servlet-ejb-security-removal(10291); Source: CCN Type: OSVDB ID: 60096 BEA WebLogic Server Enterprise JavaBeans (EJB) Cross-server Undeploy Weakness; Source: BID Type: UNKNOWN 5846; Source: CCN Type: BID-5846 BEA WebLogic Server and Express Inadvertent Security Removal Weakness; Source: CCN Type: BEA Systems, Inc. Security Advisory (BEA02-21.00) Upgrade to prevent inadvertent removal of security from Servlets or EJBs |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |