CVE-2005-4756

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/146	Patch Vendor Advisory
http://www.securityfocus.com/bid/15052	Third Party Advisory VDB Entry
http://secunia.com/advisories/17138	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::
	cpe:2.3:a:bea:weblogic_server:7.0:::::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0::express:::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1::express:::::
	cpe:2.3:a:bea:weblogic_server:8.1:::::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp3::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp5::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp4::::::
	cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*

Information

Published : 2005-12-30 21:00

Updated : 2018-09-27 14:38

NVD link : CVE-2005-4756

Mitre link : CVE-2005-4756

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

bea

weblogic_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://dev2dev.bea.com/pub/advisory/146", "name": "BEA05-92.00", "tags": ["Patch", "Vendor Advisory"], "refsource": "BEA"}, {"url": "http://www.securityfocus.com/bid/15052", "name": "15052", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/17138", "name": "17138", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-4756", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-09-27T21:38Z"}