CVE-2004-2424

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-2424
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://dev2dev.bea.com/pub/advisory/7 Patch Vendor Advisory
http://www.securityfocus.com/bid/10544 Patch
http://www.osvdb.org/7076 Patch
http://securitytracker.com/id?1010492 Patch Vendor Advisory
http://secunia.com/advisories/11864 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16419
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
Information

Published : 2004-12-30 21:00

Updated : 2017-07-11 18:29

NVD link : CVE-2004-2424

Mitre link : CVE-2004-2424

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

bea

  • weblogic_server