Vulnerability Description
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/142PatchVendor Advisory
- http://secunia.com/advisories/17138Third Party Advisory
- http://www.securityfocus.com/bid/15052Third Party AdvisoryVendor Advisory
- http://dev2dev.bea.com/pub/advisory/142PatchVendor Advisory
- http://secunia.com/advisories/17138Third Party Advisory
- http://www.securityfocus.com/bid/15052Third Party AdvisoryVendor Advisory
FAQ
What is CVE-2005-4752?
CVE-2005-4752 is a vulnerability with a CVSS score of 4.6 (MEDIUM). BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privil...
How severe is CVE-2005-4752?
CVE-2005-4752 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4752?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.