CVE-2005-1744
CRITICAL 9.8
Description
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 5/24/2005
Last Modified: 4/16/2026
Source: nvd
Honeypot Observations: 0
Affected Products
bea:weblogic_server
Weaknesses (CWE)
CWE-459
References
http://dev2dev.bea.com/pub/advisory/127 (cve@mitre.org)
http://secunia.com/advisories/15486 (cve@mitre.org)
http://securitytracker.com/id?1014049 (cve@mitre.org)
http://www.securityfocus.com/bid/13717 (cve@mitre.org)
http://www.vupen.com/english/advisories/2005/0604 (cve@mitre.org)
http://dev2dev.bea.com/pub/advisory/127 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/15486 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1014049 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/13717 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2005/0604 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlation recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.