Vulnerability Name: | CVE-2005-4756 (CCN-22574)
Assigned: | 2005-10-12
Published: | 2005-10-12
Updated: | 2018-09-27
Summary: | BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Privileges
References: |
Source: MITRE Type: CNA CVE-2005-4756
Source: BEA Type: Patch, Vendor Advisory BEA05-92.00
Source: CCN Type: BEA Systems Inc. Web site BEA Product Documentation
Source: CCN Type: SA17138 BEA WebLogic 24 Vulnerabilities and Security Issues
Source: SECUNIA Type: Third Party Advisory 17138
Source: CCN Type: OSVDB ID: 20099 BEA WebLogic Derived Principal Privilege Escalation
Source: BID Type: Third Party Advisory, VDB Entry 15052
Source: CCN Type: BID-15052 BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
Source: XF Type: UNKNOWN weblogic-principals-gain-privileges(22574)
Source: CCN Type: BEA Systems Security Advisory: (BEA05-92.00) Principals from a derived Principal class may not be fully validated.
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable