Vulnerability Description
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
- http://secunia.com/advisories/11359
- http://securitytracker.com/id?1009766
- http://www.kb.cert.org/vuls/id/352110PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/5296
- http://www.securityfocus.com/bid/10133PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15865
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
- http://secunia.com/advisories/11359
- http://securitytracker.com/id?1009766
- http://www.kb.cert.org/vuls/id/352110PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/5296
- http://www.securityfocus.com/bid/10133PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15865
FAQ
What is CVE-2004-0652?
CVE-2004-0652 is a vulnerability with a CVSS score of 7.2 (HIGH). BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly acc...
How severe is CVE-2004-0652?
CVE-2004-0652 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0652?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.