Vulnerability Description
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.1 |
Related Weaknesses (CWE)
References
- http://dev2dev.bea.com/pub/advisory/59
- http://secunia.com/advisories/11865Vendor Advisory
- http://securitytracker.com/id?1010493
- http://www.osvdb.org/7081
- http://www.securityfocus.com/bid/10545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16421
- http://dev2dev.bea.com/pub/advisory/59
- http://secunia.com/advisories/11865Vendor Advisory
- http://securitytracker.com/id?1010493
- http://www.osvdb.org/7081
- http://www.securityfocus.com/bid/10545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16421
FAQ
What is CVE-2004-2696?
CVE-2004-2696 is a vulnerability with a CVSS score of 5.5 (MEDIUM). BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for differe...
How severe is CVE-2004-2696?
CVE-2004-2696 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2696?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.