CVE-2004-0470
Published 2004-07-07
Priority P4 25 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.69% (84.0th percentile)
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp
- http://secunia.com/advisories/11593
- http://securitytracker.com/id?1010128
- http://www.kb.cert.org/vuls/id/950070
- http://www.osvdb.org/6076
- http://www.securityfocus.com/bid/10328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16123