BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."
References
Link | Resource |
---|---|
http://dev2dev.bea.com/pub/advisory/151 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/15052 | Third Party Advisory VDB Entry |
http://secunia.com/advisories/17138 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2005-12-30 21:00
Updated : 2018-09-27 14:38
NVD link : CVE-2005-4760
Mitre link : CVE-2005-4760
JSON object : View
CWE
Products Affected
bea
- weblogic_server