CVE-2004-0471 — Weblogic Server vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedJul 7

Latest updateApr 29

Description

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server7.0, 8.1+1

Patches

Patch: dev2dev.bea.com ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-rj84-m96v-25xp: BEA WebLogic Server and WebLogic Express 7↗2022-04-29

▶

CVEList

CVE-2004-0471: BEA WebLogic Server and WebLogic Express 7↗2004-05-20

▶