Vulnerability Description
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jspPatchVendor Advisory
- http://secunia.com/advisories/11594
- http://securitytracker.com/id?1010129
- http://www.osvdb.org/6077
- http://www.securityfocus.com/bid/10327
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16121
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jspPatchVendor Advisory
- http://secunia.com/advisories/11594
- http://securitytracker.com/id?1010129
- http://www.osvdb.org/6077
- http://www.securityfocus.com/bid/10327
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16121
FAQ
What is CVE-2004-0471?
CVE-2004-0471 is a vulnerability with a CVSS score of 2.1 (LOW). BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, wh...
How severe is CVE-2004-0471?
CVE-2004-0471 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0471?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.