CVE-2005-1744

CRITICAL9.8

Description

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

bea / weblogic_server7.0

References

VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/0604
VENDOR_ADVISORYhttp://secunia.com/advisories/15486
MISChttp://dev2dev.bea.com/pub/advisory/127
MISChttp://securitytracker.com/id?1014049
MISChttp://www.securityfocus.com/bid/13717