Vulnerability CVE-2005-4759

Vulnerability Name:

CVE-2005-4759 (CCN-22579)

Assigned:

2005-10-12

Published:

2005-10-12

Updated:

2008-09-05

Summary:

BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2005-4759

Source: BEA
Type: Patch, Vendor Advisory
BEA05-95.00

Source: CCN
Type: BEA Systems Inc. Web site
BEA Product Documentation

Source: CCN
Type: SA17138
BEA WebLogic 24 Vulnerabilities and Security Issues

Source: SECUNIA
Type: Vendor Advisory
17138

Source: CCN
Type: OSVDB ID: 20102
BEA WebLogic Cross Platform Ruleset Implementation Weakness

Source: BID
Type: UNKNOWN
15052

Source: CCN
Type: BID-15052
BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
weblogic-security-policy-import(22579)

Source: CCN
Type: BEA Systems Security Advisory: (BEA05-95.00)
Exporting security policies from one operating system and importing to another operating system can lead to servlets being unprotected.

Vulnerable Configuration:

Configuration 1:

cpe:/a:bea:weblogic_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:express:*:*:*:*:*

Denotes that component is vulnerable

BACK