2.1

CVE-2004-0471

EPSS 0.06%
Published 07.07.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Bea ≫ Weblogic Server Version7.0

Bea ≫ Weblogic Server Version7.0 Editionexpress

Bea ≫ Weblogic Server Version8.1

Bea ≫ Weblogic Server Version8.1 Editionexpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.197

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp

Patch

Vendor Advisory

http://secunia.com/advisories/11594

http://securitytracker.com/id?1010129

http://www.osvdb.org/6077

http://www.securityfocus.com/bid/10327

https://exchange.xforce.ibmcloud.com/vulnerabilities/16121

https://nvd.nist.gov/vuln/detail/CVE-2004-0471

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0471

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0471

EUVD