Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-1744

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

Published

2005-05-24T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-459

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bea	weblogic_server	≤ 7.0	Yes

References

http://dev2dev.bea.com/pub/advisory/127 Product ([email protected])
http://secunia.com/advisories/15486 Broken Link, Vendor Advisory ([email protected])
http://securitytracker.com/id?1014049 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/13717 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2005/0604 Broken Link ([email protected])
http://dev2dev.bea.com/pub/advisory/127 Product (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/15486 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1014049 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/13717 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2005/0604 Broken Link (af854a3a-2127-422b-91ae-364da2661108)