2.1

CVE-2004-0471

EPSS 0.06%
Veröffentlicht 07.07.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bea ≫ Weblogic Server Version7.0

Bea ≫ Weblogic Server Version7.0 Editionexpress

Bea ≫ Weblogic Server Version8.1

Bea ≫ Weblogic Server Version8.1 Editionexpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.197

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp

Patch

Vendor Advisory

http://secunia.com/advisories/11594

http://securitytracker.com/id?1010129

http://www.osvdb.org/6077

http://www.securityfocus.com/bid/10327

https://exchange.xforce.ibmcloud.com/vulnerabilities/16121

https://nvd.nist.gov/vuln/detail/CVE-2004-0471

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0471

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0471

EUVD