CVE-2004-1755

The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jsp	Patch
http://www.kb.cert.org/vuls/id/858990	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/9502	Patch
http://secunia.com/advisories/10725	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/15826

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server:7.0::win32:::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::*
	cpe:2.3:a:bea:weblogic_server:7.0::express:::::

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-1755

Mitre link : CVE-2004-1755

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

bea

weblogic_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jsp", "name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jsp", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/858990", "name": "VU#858990", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/9502", "name": "9502", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/10725", "name": "10725", "tags": ["Patch"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15826", "name": "weblogic-multiple-connection-gain-access(15826)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1755", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}