← Back to CVEs

CVE-2005-1744

CRITICAL

9.8

Description

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published5/24/2005

Last Modified4/16/2026

Sourcenvd

Honeypot Sightings0

Affected Products

bea:weblogic_server

Weaknesses (CWE)

CWE-459

References

http://dev2dev.bea.com/pub/advisory/127(cve@mitre.org)

http://secunia.com/advisories/15486(cve@mitre.org)

http://securitytracker.com/id?1014049(cve@mitre.org)

http://www.securityfocus.com/bid/13717(cve@mitre.org)

http://www.vupen.com/english/advisories/2005/0604(cve@mitre.org)

http://dev2dev.bea.com/pub/advisory/127(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/15486(af854a3a-2127-422b-91ae-364da2661108)

http://securitytracker.com/id?1014049(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/13717(af854a3a-2127-422b-91ae-364da2661108)

http://www.vupen.com/english/advisories/2005/0604(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.