1. CVE-Search
  2. CVE-2004-0715
ID CVE-2004-0715
Summary The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
CVSS
Base: 5.1 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 10130
cert-vn VU#470470
confirm http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp
osvdb 5299
sectrack 1009763
secunia 11356
xf weblogic-authentication-gain-privileges(15861)
Last major update 11-07-2017 - 01:30
Published 27-07-2004 - 04:00
Last modified 11-07-2017 - 01:30
Back to Top