CVE-2004-0652

Sažetak

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.

Reference

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
http://secunia.com/advisories/11359
http://securitytracker.com/id?1009766
http://www.kb.cert.org/vuls/id/352110
http://www.osvdb.org/5296
http://www.securityfocus.com/bid/10133
https://exchange.xforce.ibmcloud.com/vulnerabilities/15865

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

06-08-2004 - 04:00