Vulnerability Name: CVE-2004-0471 (CCN-16121)
Assigned: 2004-05-11
Published: 2004-05-11
Updated: 2017-07-11
Summary: BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 do not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: MITRE Type: CNA CVE-2004-0471
Source: CCN Type: BEA Systems, Inc. Security Advisory (BEA04-60.00) Patches are available to protect user authorizations.
Source: CONFIRM Type: Patch, Vendor Advisory http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp
Source: CCN Type: SA11594 BEA WebLogic Admins and Operators May be Able to Stop the Service
Source: SECUNIA Type: UNKNOWN 11594
Source: CCN Type: SECTRACK ID: 1010129 BEA WebLogic May Let Remote Authenticated Admin/Operator Users Start or Stop Server
Source: SECTRACK Type: UNKNOWN 1010129
Source: OSVDB Type: UNKNOWN 6077
Source: CCN Type: OSVDB ID: 6077 BEA WebLogic Unprivileged Stop/Start
Source: BID Type: UNKNOWN 10327
Source: CCN Type: BID-10327 BEA WebLogic Server and WebLogic Express Denial of Service Vulnerability
Source: XF Type: UNKNOWN weblogic-server-policy-bypass(16121)
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable