← Zuruck zu CVEs
CVE-2005-1744
CRITICAL9.8
Beschreibung
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht5/24/2005
Zuletzt geandert4/16/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
bea:weblogic_server
Schwachen (CWE)
CWE-459
Referenzen
http://dev2dev.bea.com/pub/advisory/127(cve@mitre.org)
http://secunia.com/advisories/15486(cve@mitre.org)
http://securitytracker.com/id?1014049(cve@mitre.org)
http://www.securityfocus.com/bid/13717(cve@mitre.org)
http://www.vupen.com/english/advisories/2005/0604(cve@mitre.org)
http://dev2dev.bea.com/pub/advisory/127(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/15486(af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1014049(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/13717(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2005/0604(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.