CVE-2004-2424 — Weblogic Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedDec 31

Latest updateApr 29

Description

BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server8.1

Patches

Patch: dev2dev.bea.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-jmc9-qjfx-mj3p: BEA WebLogic Server and WebLogic Express 8↗2022-04-29

▶

CVEList

CVE-2004-2424: BEA WebLogic Server and WebLogic Express 8↗2005-08-18

▶