CVE-2005-1744

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/127	Product
http://secunia.com/advisories/15486	Broken Link Vendor Advisory
http://securitytracker.com/id?1014049	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/13717	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2005/0604	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*

History

08 Feb 2024, 20:35

Type	Values Removed	Values Added
References	~~() http://dev2dev.bea.com/pub/advisory/127 - Vendor Advisory~~	() http://dev2dev.bea.com/pub/advisory/127 - Product
References	~~() http://secunia.com/advisories/15486 - Vendor Advisory~~	() http://secunia.com/advisories/15486 - Broken Link, Vendor Advisory
References	~~() http://securitytracker.com/id?1014049 -~~	() http://securitytracker.com/id?1014049 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/13717 -~~	() http://www.securityfocus.com/bid/13717 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.vupen.com/english/advisories/2005/0604 -~~	() http://www.vupen.com/english/advisories/2005/0604 - Broken Link
CVSS	v2 : ~~7.5~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
CWE	~~NVD-CWE-Other~~	CWE-459
CPE	cpe:2.3:a:bea:weblogic_server:6.0::express::::: cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:::::* cpe:2.3:a:bea:weblogic_server:6.1:sp3:::::: cpe:2.3:a:bea:weblogic_server:7.0.0.1:::::::* cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:::::* cpe:2.3:a:bea:weblogic_server:7.0:sp5:::::: cpe:2.3:a:bea:weblogic_server:6.1::express::::: cpe:2.3:a:bea:weblogic_server:8.1::express::::: cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:::::* cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:::::* cpe:2.3:a:bea:weblogic_server:7.0.0.1::win32::::: cpe:2.3:a:bea:weblogic_server:6.1:sp1:::::: cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:::::* cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:::::* cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:::::* cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::* cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::* cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::* cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::* cpe:2.3:a:bea:weblogic_server:7.0:sp3:::::: cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:::::: cpe:2.3:a:bea:weblogic_server:7.0:sp4:::::: cpe:2.3:a:bea:weblogic_server:7.0:sp1:::::: cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:::::* cpe:2.3:a:bea:weblogic_server:6.1:sp6:::::: cpe:2.3:a:bea:weblogic_server:8.1:sp4:::::: cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::* cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:::::* cpe:2.3:a:bea:weblogic_server:8.1::win32::::: cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:::::* cpe:2.3:a:oracle:weblogic_portal:8.0:::::::* cpe:2.3:a:bea:weblogic_server:8.1:::::::* cpe:2.3:a:bea:weblogic_server:7.0:sp2:::::: cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::* cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:::::* cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:::::* cpe:2.3:a:bea:weblogic_server:6.1:sp5:::::: cpe:2.3:a:bea:weblogic_server:6.1::win32::::: cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:::::: cpe:2.3:a:bea:weblogic_server:7.0::win32::::: cpe:2.3:a:bea:weblogic_server:8.1:sp2:::::: cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:::::* cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:::::* cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:::::* cpe:2.3:a:bea:weblogic_server:7.0::express::::: cpe:2.3:a:bea:weblogic_server:6.0:sp1:::::: cpe:2.3:a:bea:weblogic_server:8.1:sp3:::::: cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::* cpe:2.3:a:bea:weblogic_server:7.0.0.1::express::::: cpe:2.3:a:bea:weblogic_server:7.0:::::::* cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:::::* cpe:2.3:a:bea:weblogic_server:8.1:sp1:::::: cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:::::* cpe:2.3:a:bea:weblogic_server:6.0::win32::::: cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:::::* cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:::::* cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::* cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:::::* cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::* cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::* cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:::::* cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:::::: cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:::::* cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::* cpe:2.3:a:bea:weblogic_server:6.0:sp2:::::: cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:::::* cpe:2.3:a:bea:weblogic_server:6.0:::::::* cpe:2.3:a:bea:weblogic_server:6.1:::::::* cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::* cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:::::* cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:::::: cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:::::* cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:::::* cpe:2.3:a:bea:weblogic_server:6.1:sp2:::::: cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:::::* cpe:2.3:a:bea:weblogic_server:6.1:sp4::::::	cpe:2.3:a:bea:weblogic_server::::::::

Information

Published : 2005-05-24 04:00

Updated : 2024-02-08 20:35

NVD link : CVE-2005-1744

Mitre link : CVE-2005-1744

CVE.ORG link : CVE-2005-1744

JSON object : View

Products Affected

bea

weblogic_server

CWE

CWE-459

Incomplete Cleanup

9.8 /10